Risk Management
Risk Management
Management Approach:
Bora Pharmaceuticals is committed to enhancing corporate governance and implementing sustainable business practices. By identifying risk categories within operational contexts across various departments, we conduct systematic risk assessments based on factors such as financial impact, reputational influence, policy and litigation risks, and technological substitutability. This ensures the proper management of significant risks throughout the company’s operations. Through transparent communication and the involvement of management, we promote comprehensive risk management to achieve sustainable development and safeguard value for stakeholders.
Risk Management Policy
Bora Pharmaceuticals assesses the adequacy of management policies (including existing standard operating procedures, business continuity plans, etc.) and contingency measures for identified risks. If there are deficiencies, the emergency response team assists, with the commander responsible for directing resource allocation to minimize personnel injuries and property losses during emergencies.
Risk Identification and Response Measures
|
Risk Category |
Risk Impact |
Response Measures |
|
Network Information Security |
Cyberattacks could lead to data leaks, transaction impersonation, or network paralysis, causing operational interruptions, significant financial losses, and reputational damage, potentially leading to legal issues. Bora Group expanded its attack surface with mergers in 2023, necessitating attention to acquired companies’ potential cybersecurity risks. |
l Replace old firewalls with new-generation ones. Implement strict firewall policies, exclude unsafe domains, and have cybersecurity personnel monitor, analyze, and manage daily anomalies. l Conduct continuous education and training to enhance employee cybersecurity awareness. l Execute vulnerability scans and update or replace outdated systems and equipment to improve security. l Filter spam emails to reduce the risk of phishing attacks. l Conduct social engineering drills to raise awareness and reduce the risk of falling into traps. l Implement new backup systems to daily backup all systems and databases, and establish an off-site backup mechanism. l Execute identity verification to reduce the risk of system account misuse. l Conduct relevant cybersecurity checks and controls before and after mergers. |
|
Product Responsibility and Safety |
During GMP-related regulatory changes, immediately assess whether the plant needs to implement corresponding measures to avoid non-compliance. Risks related to product manufacturing quality are evaluated according to PIC/S GMP regulations. If the process encounters abnormalities or test results do not meet standards, products are deemed non-compliant and not shipped, ensuring no risk to customers. |
l Regularly assess the impact of domestic and international regulatory trends on the company and design corresponding measures. l Conduct comprehensive investigations based on events to identify root causes, perform risk assessments when necessary, and implement corrective and preventive measures. If a recall is needed, immediately notify the regulatory authority (TFDA) to comply with PIC/S GMP requirements. |
|
Process Safety |
The production environment for pharmaceutical manufacturing is primarily based on PIC/S GMP and Good Manufacturing Practice standards. The operating environment temperature is maintained at 23±4°C, and humidity is controlled below 60% RH. With global warming and climate change, maintaining operating environment temperature and humidity becomes increasingly challenging. |
Improve air conditioning systems, use energy-saving variable frequency air conditioning equipment, and adjust shift schedules to reduce the frequency of air conditioning startups and shutdowns, maintaining the stability of the operating environment and reducing the impact of external environmental changes. |
|
Regulatory Compliance |
Pharmaceutical, food, cosmetics, and medical device regulations are becoming increasingly stringent. Products that do not meet regulatory standards cannot undergo inspection and registration or must be discontinued. |
l Product labeling and advertising materials are controlled through the printing confirmation process and reviewed by the Pharmaceutical Regulatory Group. Non-compliant materials are returned to the marketing department for modification, reducing the risk of violations. l Actively participate in regulatory training and meetings held by authorities or associations and communicate the information to relevant departments through internal training sessions. |
|
Supply Chain |
Some raw materials are produced only in specific regions, making the supply chain vulnerable to regional natural disasters or political risks, leading to supply shortages or delays, affecting product production and sales. |
l Establish a diversified supply chain to reduce dependence on a single region or supplier. Regularly conduct risk assessments and supplier evaluations to ensure supply chain stability and sustainability. l Enhance supplier evaluation and supervision to ensure product quality and compliance. Improve communication and training with suppliers to increase their understanding and adherence to quality and compliance requirements. |