The Isuzu Group manages various risks surrounding its business in a systematic and integrated manner in order to achieve sustainable growth and enhance corporate value. Through risk management initiatives, we will strive to minimize risk, improve operational efficiency, create business opportunities, enhance our competitive advantage, and build relationships of trust with our stakeholders.

To improve the division of responsibilities and effectiveness of risk management activities throughout the Group, we have established a risk governance structure based on a Group-wide three-line defense system.
Isuzu's divisions and the Group companies under their supervision serve as the first line; the Enterprise Risk Management Department functions as the second line under the direction of the Group Chief Risk Management Officer (CRMO); and the Corporate Audit Department serves as the third line. Each line of defense works in cooperation with the others in risk management activities.
In order to ensure the effectiveness of risk management activities, Risk Management Review Meeting is held every month to confirm the status of risk mitigation efforts and incident management of each division and Group company, focusing on the Group's priority risk, and to report the details of the meeting to management.

The Isuzu Group comprehensively identifies risks that could affect its business management, assesses them quantitatively and qualitatively, formulates specific risk mitigation plans for risk reduction, and then promotes implementation and monitoring of the plans.
Believing that it is essential for all employees to view risk management activities as their own business, we also continue to foster a risk culture to achieve sustainable growth and maximize corporate value.

The Isuzu Group prioritizes risk mitigation efforts for risks of particularly high importance in each division of the Company and in each Group company. From the Group-wide perspective, the Group has defined risks that could affect its business or management as Group Priority Risks and implemented Group-wide risk mitigation efforts.
Group Priority Risks are identified and selected from the following four perspectives to ensure that no omissions are made:

1. Bottom-up risk identification through risk assessments from each division of the Company and Group companies
2. Top-down risk identification through CRMO interviews
3. Risk occurances within the Company or at other companies
4. Changes in the external environment, etc.

The Isuzu Group has established a structure to comprehensively and promptly identify risk occurances and implement effective initial responses. If any such risks have the potential to affect the business or management of the Isuzu Group, they are promptly escalated to management, and management makes a decision on how to respond to them. Then, under the direction and supervision of the CRMO, a crisis response team is formed, and various countermeasures are implemented to minimize the risk.
Furthermore, we analyze the root causes of risk occurances to verify the effectiveness of our countermeasures. By doing so, we organically link the Risk Management Process and the Crisis Management Process, aiming to optimize risk management across the entire Isuzu Group.

The Isuzu Group recognizes information security risk as a particularly important risk in its risk management activities.
To prepare against existing risks such as information leaks as well as new risks such as cyber-attacks, the Group strives to ensure information security by developing internal structures, and by implementing various countermeasures, including education and training for employees.

Cybersecurity Initiatives

In recent years, the automotive industry has seen rapid advancements in vehicle digitalization and automated driving technology due to advances in IT technology, and this has increased the importance of information security. Also, the risk of cyber-attacks and data leaks has increased, making it essential to protect customer information and vehicle control systems.
The Isuzu Group is strengthening cybersecurity for its products, plants, IT systems, and the supply chain. We participate in J-Auto-ISAC^*, an organization that collects and analyzes information related to cybersecurity of vehicles. Through this participation, we gather information on security incidents detected within the industry and have established a system for the development and manufacturing of vehicles with cybersecurity considerations in place.
These activities are conducted with reference to the Cybersecurity Management Guidelines set forth by the Ministry of Economy, Trade and Industry, as well as international standards such as ISO 21434, ISO 27001, NIST SP800-171, and UN-R155/156, which were adopted by the World Forum for Harmonization of Vehicle Regulations (WP.29) under the United Nations Economic Commission for Europe.

1. *J-Auto-ISAC: Japan Automotive ISAC, a Japanese automotive cybersecurity organization.