Product Safety and Product Security

Based on Toshiba Group Basic Policy on Product Safety and Standards of Conduct for Toshiba Group, we ensure product safety and product security, and positively disclose full information of safety to customers. We will boost our efforts to swiftly retrieve products after a recall has been announced in order to ensure the safety of our customers in the market. Furthermore, we will redouble our activities related to product safety and product security across all companies to eliminate serious accidents caused by our negligence.

In keeping with the Standards of Conduct for Toshiba Group on Product Safety and Product Security, Toshiba Group endeavors to comply with relevant laws and regulations, to ensure product safety and product security, and also to proactively disclose reliable safety information to our customers. Furthermore, we continually research safety-related standards and technical standards (UL Standards^*1, CE Marking^*2, etc.) required by the countries and regions where we distribute products, and display the safety compliance of our products in accordance with the relevant standards and specifications.

• UL Standards: Safety standards established by UL LLC (Underwriters Laboratories Inc.) that develops standards for materials, products, and equipment and provides product testing and certification.
• CE Marking: A certification mark that indicates conformity with the safety standards of the European Union (EU). The CE marking is required for products sold within the European Economic Area (EEA).

If an employee discovers information on accidents involving Toshiba products in the market, he/she promptly alerts the accident response staff in the relevant companies. Then the necessary measures are discussed and enacted by the CPL Committee^*1 of relevant companies, chaired by a senior executive, or if necessary, the Corporate CPL Committee. In the event of a serious accident attributable to a product that is likely to recur, we inform customers of the danger and request that they cease using such products, promptly report to the competent authorities, and establish countermeasures as soon as possible.
Furthermore, we are developing an information system to enable swift communication with quality assurance divisions and top management regarding information on product accidents obtained by repair and service staff as well as on how such incidents are being handled by Toshiba.
In FY2022, Toshiba disclosed a total of 6 accidents in the list of serious product accidents on our Japanese website^*2:2 cases that were suspected to have been caused by products, 4 cases in which the causes unknown.

• CPL Committee: CPL is an abbreviation combining CL (contractual liability) and PL (product liability). The CPL Committee of Group companies is chaired by its president, and promptly determines measures to deal with product accidents and quality issues.
• Accident report based on a Consumer Products Safety Act (Japanese)

The Chief Quality Executive plays a central role in ensuring thorough compliance with product safety-related laws, regulations and rules throughout the Group and also conducts periodic monitoring and audits. We provided e-learning to all related personnel in Japan (75,246 in FY2022 with participation rate of 100%) concerning the Electrical Appliances and Material Safety Law in Japan since the law has an important bearing on the Group’s products. By increasing understanding of the law we aim to prevent more accidents.
Toshiba Group is involved in standardization work of the International Electrotechnical Commission (IEC) through activities at Japan Electrical Manufacturers’ Association (JEMA), Japan Electronics and Information Technology Industries Association (JEITA) and Association of Radio Industries and Businesses (ARIB). These activities allow Toshiba to keep abreast of the latest information and adhere to the standards specified by these organizations.

Toshiba Group convenes a meeting for persons in charge of the Electrical Appliances and Material Safety Law who gather from Toshiba Group companies to prevent occurrence and recurrence of serious accidents through breaches of the law. The meeting serves as the basis for sharing product information from respective companies.
Information on serious accidents caused by procured items is also shared at meetings that aim to promote the quality of such items. The information is logged in a database as a means to enhance the quality of procured items. Product security liaison meetings are used to share examples of accidents and the latest information on product security obtained from such related organizations as Japan Computer Emergency Response Team Coordination Center (JPCERT CC). We are working to prevent accidents caused by product vulnerabilities.

Although products are equipped with various safety features, they may not be sufficient to ensure complete safety if products are in use for very long periods of time or the operating environment or conditions are extreme.
To ensure safe use of products, Toshiba Group describes correct handling of products in users’ manuals and, if necessary, through alerts placed in newspapers and on the website, or by means of leaflets, educational materials, etc.
Further, in case of Toshiba brand products which businesses are transferred outside Toshiba Group such as home appliances and visual products, we also endeavor to promote information disclosure by sharing product accident information with the companies which businesses have been transferred.

In the event of a serious defect or accident resulting from a Toshiba product or service, we promptly report the details to the competent authorities in accordance with prevailing laws and regulations. Also, in order to notify customers of such accidents as quickly as possible, depending upon the severity of damage or frequency of occurrence, we disclose product accident information directly to our customers via newspapers, websites, etc. Through our corporate website, we disclose information on accidents involving our products as posted on the website of the Consumer Affairs Agency. We also proactively disclose information concerning serious accidents, even when it is unclear whether such accidents are attributable to Toshiba products or not.

Further, in case of Toshiba brand products which businesses are transferred outside Toshiba Group such as home appliances, we also endeavor to promote information disclosure by sharing product accident information with the companies which businesses have been transferred.

In FY2022, we launched one recall company notice pertaining to product safety in the Japanese market, and are taking preventative measures that update the additional software so that customers can use our products with peace of mind. The number of products subject to the recall is 191 residential photovoltaic power generation system power storage units (manufactured by OMRON Corporation).

• Notice of Software Update of Residential Photovoltaic Power Generation System Power Storage Units (Japanese) (Toshiba Energy Systems & Solutions Corporation)

To ensure security for products, systems, and services, Toshiba Group works, in collaboration with its quality assurance divisions and procurement divisions, to ensure security for product development processes and other companies’ products used in its products under its product security management system.
We have devised plans to enhance its product security preparedness according to risk-based priorities, defining four focus areas for product security: maintenance and management of the PSIRT* framework, handling of vulnerability information, response to product security incidents, and secure development management. We are making a Group-wide effort to prepare product security checklists that summarize the security requirements to be checked at each product development stage as well as guidelines and standard recommended tools corresponding to each of the checklists.
We also ask our suppliers to understand Toshiba Group's approach to product security and cooperate with us in providing secure products, systems, and services by distributing guidelines. We have also established new guidelines to objectively determine the security risks of Toshiba Group's wide-ranging and diverse products, and are working on initiatives for enhancing product security through risk-based approaches in the supply chain that includes in-house product development and suppliers.
In terms of human resource development, for better understanding of product security and implementation thereof, we provide all Toshiba Group officers and employees with annual e-learning sessions on product security. We have also defined human resource types and responsibility levels in accordance with the work type and implemented specialist training based thereon. Furthermore, we have established and operate an in-house certification program for security personnel. Through these activities, we are developing human resources with product security expertise across all positions and divisions in order that these employees can improve security quality during product development, and identify and respond to vulnerabilities and incidents in a timely and appropriate manner during their daily work activities.
We also ask our suppliers to understand Toshiba Group’s approach to product security and cooperate with us in providing secure products, systems, and services by preparing guidelines.
Please refer to the Cyber Security Report for details on our product security efforts.

• Product Security Incident Response Team

• Toshiba PSIRT
• Cyber Security