We have a risk management system in place to deal appropriately with the various types of risk confronting us.
Risk management organization
Corporations face a wide range of risks (potential crises), including that of natural disaster. In fulfilling our social responsibilities, we address such risks through preventive efforts. In addition to working to minimize any damage, we also help prevent recurrence by instituting risk management rules, and by building risk management framework, including the organization and rule formation that enable us to aptly respond when an emergency occurs. We are constantly looking for ways to improve our processes so that each employee can have a deeper understanding of risks in their daily work and therefore respond quickly to the occurrence of unexpected risks as well as work toward early resolution or mitigation.
Responding to risks
Our responses to emergent risk are laid down in our Risk Management Manual, in which various risks are anticipated, and a system for prompt reporting of emergent risk to top management is established. In the event that an emergency occurs in Japan or overseas, a Crisis Management Team will be quickly established in the area(s) where the emergency has occurred, and the Headquarters Crisis Management Team will be activated at Head Office to manage and control the situation as quickly as possible.
Business Continuity Management (BCM)
The NHK Group BCP Basic Policy and NHK Group BCP Guidelines are distributed to all NHK Group companies worldwide. We are also currently developing our Business Continuity Management (BCM) system. When a risk materializes, the framework calls for a Crisis Management Team to convene, whereupon the departments directly affected or otherwise related will unify in their efforts under direction of the Crisis Management Team leader. They will respond to the crisis immediately and under the basic policy of placing top priority on human life, taking responsibility for supply to customers, and fulfilling social responsibilities.
NHK Spring headquarters, each of its plants and each domestic Group company begins by establishing a disaster prevention framework, which serves as a foundation upon which to formulate a Business Continuity Plan (BCP) capable of coping with a variety of risks. On an annual basis, we also conduct initial response drills assuming a massive earthquake, as well as training for BCP to ensure business can rapidly recover and continue. These training programs enhance our initial response and business continuity capabilities. We review our disaster prevention framework and revise our manuals based on our reflection on this training so that we can achieve a more practical crisis response, thereby improving our risk management framework. In recent years, our overseas Group companies have also been making gradual progress in undertaking initial response drills and BCP training, each assuming disasters as appropriate to the circumstances of their local region. In tandem with this effort, each plant and domestic Group company has been performing onceannual BCM framework self-evaluations.Problem areas within disaster prevention, BCP and initial response systems, as well as BCM promotion systems, are exposed and improved in order to enhance the overall BCM framework.
Initial response drill of the Headquarters Crisis Management Team at the head office
Ensuring information security
Corporate utilization of IT is a prerequisite for competing globally. At the same time, if a security incident occurs due to cyberattack or other event, it could have a severe impact on stakeholders including customers.
NHK Spring Group has conventionally maintained security countermeasures against cyberattacks such as guarding against illicit transmissions, adopting antivirus software and protecting against.
We have adopted EDR software* as a measure against the advanced targeted attacks that have been on the increase recently.While strengthening measures from a defense-in-depth perspective, including monitoring for suspicious transmissions or behaviors, we undertake efforts through a Groupwide framework that includes enhancement of response manuals, as well as systems and methodologies enabling rapid recovery in the event that a cyberattack were to cause any damage. These are some of the ways in which we work every day to elevate our level of security.*A software tool that monitors behavior after incursion by a virus in order to enable more rapid post-infection response.
Preventive action includes monitoring of networks for illicit transmissions, etc., to prevent system shut-down or crash.