Risk Management Policy
Sustainability
We believe that effective risk management - aimed at minimizing risks and maximizing opportunities - is essential to ensuring sustainable growth and maintaining trust.
Fundamental Principles
To advance sustainable management practices, we identify risks that could have a significant impact on our business or financial performance, implement appropriate controls, and strive to minimize their potential adverse effects.
Establishing a Risk Management Framework
We regularly monitor, assess, and analyze key risks, and provide necessary guidance and advice to departments. Risk management matters are deliberated and approved by the Board of Directors, and we have established a framework for periodic reporting to shareholders.
Risks Associated with Business Activities
Risks associated with our business activities include market fluctuations, regulatory changes, climate change, and natural disasters.
Enterprise-Wide Risk Identification and Prioritization
We periodically identify and reassess material risks, evaluate them comprehensively based on their likelihood, potential impact on our business, and urgency, and prioritize our responses accordingly.
Managing Key Risks
We identify risk categories and frameworks based on the characteristics of new and existing businesses and products, and conduct risk analyses accordingly.
Each risk management division formulates annual policies in line with our basic policy and manages risks throughout the year.
BCP and BCM Considering Climate Change
In the event of emergencies such as major earthquakes, heavy rainfall, or infectious disease outbreaks, we implement Business Continuity Plan (BCP) measures to minimize business disruption and ensure a prompt recovery.
Furthermore, we incorporate Business Continuity Management (BCM) into regular operations to ensure it is well established across the organization, as part of ongoing management activities aimed at continuous improvement.
Information Security
We maintain internal regulations for information that requires advanced management controls, including critical business and organizational data as well as other information assets.
Employee education emphasizes the importance of information security.
Monitoring and Continuous Improvement
We have established an independent Audit Department reporting directly to the President, which conducts internal audits.
These audits comprehensively review operations, evaluate risk management processes, and drive improvements.
Follow-up is conducted until corrective actions are fully implemented, and results are reported to the President, Audit & Supervisory Board Members, and the Board of Directors.
Established in November 2023
Information Security Policy
As part of our commitment to sustainable management, we consider it essential to properly protect our information assets and ensure robust information security.
We adhere to the fundamental principles of information security and strive to protect information assets and minimize risks through continuous improvement.
Fundamental Principles
We recognize the importance of protecting information assets in ensuring business continuity and implement robust security measures to guard against a wide range of threats.
Compliance with Laws and Regulations
We establish and maintain rules, including policies and guidelines related to information handling, and comply with all applicable domestic and international laws and regulations, as well as contractual obligations with customers and business partners.
Management and Protection of Information Assets
We classify information assets based on their importance and associated risks, and establish clear handling procedures to ensure their proper management.
Education and Training
Recognizing that people are at the core of information security, we dedicate ourselves to systematic employee training and conduct joint exercises with our group companies.
Emergency Response
We maintain a framework that enables prompt response to information security incidents, including cyberattacks, to minimize damage and prevent recurrence.
Monitoring and Continuous Improvement
We regularly conduct information security assessments to evaluate the effectiveness of our measures and use the insights gained to continuously enhance our information security.
For our domestic subsidiaries, we conduct periodic evaluations based on common guidelines to ensure consistent information security standards.
Established in November 2023