Risk Management System and Risk Management Committee
To comprehensively recognize and evaluate risks related to the execution of business and to conduct appropriate risk management, the Company has established risk management regulations. To ensure their effectiveness, we have established the Risk Management Committee, which is chaired by the Chief Risk Management Officer. The Risk Management Committee determines risk management policies, evaluates risks, and examines matters such as risk prevention measures while strengthening the overall risk management system through the verification of individual matters. The range of risks to be assessed includes misconduct, fraud, and crime by officers and employees; bribery and corruption, such as entertainment and gift-giving to public officials; human rights issues, including supply chain issues; and environmental issues, including climate change, among others. The Chief Risk Management Officer reports to the Board of Directors on risk management and other matters as necessary.
Information Security System, Information Security Management Committee, and Personal Information Management Committee
As well as establishing a Security Policy to maintain information security and a Privacy Policy to protect personal information, the Company has set up an Information Security Management Committee and a Personal Information Management Committee, both chaired by the Chief Information Management Officer, to ensure appropriate and effective management in each area, and monitors the status of information security management. We have also appointed Information Security Management Officers at each of our Group companies and are implementing thorough training in information management for all Group employees and subcontractors.
In addition, we have set up a CSIRT (Computer Security Incident Response Team) to handle security incidents and conduct training. For information systems, we use encryption servers to store personal information and important business information, prevent infection by means of intrusion prevention systems and anti-virus software, collect logs from each system, and detect vulnerabilities through security diagnostics.
In response to the diversification of cyber-attacks and the increased cyber-security risks stemming from the promotion of DX (digital transformation), we have appointed a Chief Information Security Officer to implement and strengthen cyber-security measures. In addition, we are strengthening our ability to detect malware and illegal communications and reviewing our internal network construction standards.
Business Risks
Please see here for a link to the Integrated Report, which describes business and other risks.