The risk management structure is constructed so that each executive officer possesses responsibility for his assigned duties. In addition, important management implementations are discussed and decided by all the executive officers in the executive officers' meetings. The synergistic effect of all executive officers participating in management and information creates a multi-dimensional risk management structure.

To fulfill its obligations to stakeholders, Mitsubishi Electric makes every effort to minimize business risks and to avert the occurrence of incidents in such areas as ethics, compliance, environment, product quality and others that significantly affect society, working to discover risks as early as possible and formulate countermeasures.

From fiscal 2009, the Financial Instruments and Exchange Law will mandate the introduction of an internal control reporting system, requiring enhancement of internal control frameworks. In order to ensure reliability in Group financial reporting, the Mitsubishi Electric Group established a division in July 2006 to promote the construction of an internal control system. This division continues to reinforce the Group's internal control structure.

The Group works to quickly discover latent risks in business activities that can impact or potentially impact the environment in a substantial way.

In order to prepare for the event of an accident or emergency, head office divisions, which are responsible for manufacturing facilities, R&D centers, branch offices and affiliates, as well as branch offices, which handle sales operations, have developed detailed risk descriptions and procedure manuals that specify departmental responsibilities. Mitsubishi Electric also anticipates the possibility of accidents, claims, or violations of the law occurring by construction subcontractors or companies working under outsourcing agreements, and informs these outside parties of our risk response procedures, as well as request that they ensure to implement the proper procedures in their respective organizations.

Each of our business sites run tests once a year to determine if the managers in charge are capable of appropriately responding to an emergency. The tests simulate an emergency that has the potential of occurring to determine whether communication channels, the chain of command, movement methods at the site, and reporting procedures function properly. When problems are uncovered, the procedures are revised and the new version is publicized throughout the organization. The tests also serve as drills to help employees become proficient in the proper response procedures.

The Mitsubishi Electric Group has occasions to obtain personal information of customers through questionnaires, registration of purchased products, and after-sales service. At times, we also obtain personal information of people who desire to become employed at the Mitsubishi Electric Group. To take care in the handling and proper management of this information, we have set up a management system to protect personal information and are working to make it mandatory to Mitsubishi Electric's personnel (executives, employees, part-time workers, temporary employees, etc.) and other affiliated persons. In October 2001 we created company rules pertaining to the protection of personal information, and in April 2004 announced a personal information protection policy. On March 1, 2007 we enacted revisions according to the standard "JIS Q15001; 2006," meeting requirements to attain the Privacy Mark.

We strengthened security management not only for personal information but also for confidential corporate information, which includes information on sales, technical matters and intellectual property. This information is managed through organizational, human, physical and technological security measures. As a part of this effort, in February 2005 we announced the "Declaration of Confidential Corporate Information Security Management" in order to clearly publicize our stance both internally and externally that the company enforces the proper handling of various types of information. For information that has been entrusted to us by other companies, we uphold confidentiality agreements by all means, and we also work to manage and protect such information using the same security measures we use for our own information.

Confidential Corporate Information and Security Measures

Mitsubishi Electric strives to constantly make improvements in its activities for managing confidential corporate information and to protect personal information through application of a plan-do-check-act, or PDCA, cycle. First of all, we revised internal rules as needed to comply with current law. Also, we have been conducting e-learning educational training since fiscal 2005 and distributed procedures for the management of company secrets to all Mitsubishi Electric employees in October 2005 in order to ensure employees are fully aware of the goals of the "Declaration of Confidential Corporate Information Security Management." In addition, self-audits are conducted at the workplace level along with internal audits by staff from the head office on the status of confidential corporate information and personal information management.

Systems and structures have been established at affiliate companies as well, based on the policies laid out by Mitsubishi Electric and in accordance with the conditions prevailing at each company and location. We intend to improve the quality of management across the entire Group by building and following PDCA procedures for the protection of Confidential Corporate Information and personal information.

Mitsubishi Electric has a system for responding to accidents and natural disasters in which the Disaster Response Headquarters, Management Response Headquarters and Business Group Response Headquarters work together under General Headquarters, which is headed by the President.

In the event an emergency situation involving an accident or natural disaster arises, we first ensure the safety of people and physical infrastructure, then work to restore operations. The safety of people and physical infrastructure is our utmost priority, so educational activities are conducted by our Health and Safety Committee on a regular basis to ensure prompt action is taken, and general disaster prevention drills are conducted every year that include drills on escape routes and extinguishing initial outbreaks of fire.

In addition, reporting on the impact inside and outside the company follows a set channel, from the business site to the business group's administrative department to the Group president of the business group to the president. A company-wide response is determined and taken while instituting emergency measures at each stage.

Mitsubishi Electric created a disaster response manual in April 1996 to minimize injuries and physical damage and facilitate prompt relief and recovery in the event of a major earthquake. It includes measures in advance and establishes an emergency response measures directly following an earthquake, including setting up a disaster response organization and a code of conduct. Presently we are working on our business continuation plan based on the latest disaster response manual.

We have also established use of a digital Multi Channel Access (MCA) wireless system as an emergency lifeline. In addition, the information communication system and safety confirmation system using cell phone-based email have been introduced and well used in the earthquakes on Japan's Noto Peninsula and in Mie prefecture. We will continue to enforce the operational and hardware aspects in order to attain information efficiently in emergency situations.

Confidential Corporate Information and Security Measures