Basic Approach to Risk Management
To achieve sustainable growth, the NAGASE Group appropriately identifies all internal and external risks associated with its business activities, takes risk measures, assesses the status of implementation, and works to improve them.
When a risk materializes, we collect information and ascertain the situation as soon as possible, and work on risk management to minimize damage and loss caused by the materialization of the risk.
Risk Management and Compliance Committee
The Risk Management and Compliance Committee not only complies with laws and regulations, but also strives to establish and strengthen risk management and compliance systems that not only comply with laws and regulations, but also with corporate ethics, ESG Risks, as well as to operate environmental ISO and promote energy conservation. The Risk Management and Compliance Committee has established the Basic Compliance Policy and ensures that all employees, including those of Group companies, conduct corporate activities in accordance with the NAGASE Group Compliance Code of Conduct through regular workshops.
Risks related to the business operations of the NAGASE Group are managed by the Risk Management and Compliance Committee under the supervision of the Board of Directors.
|Responsible officer||Director in charge of Risk Compliance
(Responsible for risks reported to the CEO)
|Deliberative body||Risk Management and Compliance Committee
The Risk Management and Compliance Committee reports regularly to the Board of Directors and the Audit and Supervisory Board.
|Secretariat||Secretariat of Risk Management and Compliance Committee
(Legal and Compliance Department, etc.)
Internal reporting system
In the event that the Company or a Group company becomes aware of a problem, such as a violation of laws and regulations, it shall be immediately reported to the Committee, which shall in turn promptly report the matter to the Board of Directors and the Audit and Supervisory Board. In addition, activities of Risk Compliance Committee are reported to the Board of Directors on a regular basis. In addition, we have introduced an in-house reporting system and have established a point of contact (internal reporting system) for direct reporting and consultation from executives and employees, including Group companies.
BCP and business crisis management regulations
In January 2015, we established the Business Crisis Management Regulations in order to establish a system that enables us to quickly and appropriately respond to a management crisis that may affect business continuity, from the initial response at the site to the Group's systematic response, including assessing the situation, communicating and reporting, and issuing orders. In addition, in the event of a natural disaster such as an earthquake directly below the Tokyo metropolitan area, flooding caused by overflowing of nearby rivers due to heavy rain, or lockdowns caused by the spread of infectious disease, the NAGASE Global Human Resources Development Center (Shibuya City, Tokyo), a training facility for the NAGASE Group, is assumed to function as a satellite office based on an assumed scenario plan. The NAGASE Global Human Resources Development Center is equipped with high earthquake resistance and in-house power generation equipment, and is continually enhancing its ability to respond to crises.
In BCP activities, each business unit formulates a recovery plan to ensure delivery to major business partners.
The NAGASE Group strongly recognizes the importance of protecting data assets owned and managed in the course of conducting business activities. The economic and social losses incurred from information leaks and other accidents are incalculable. As for information security measures, all NAGASE Group employees are aware of the importance and need to work together Group-wide on this matter. Regarding the promotion of information security, we have established the Basic Policy of Information Security, as well as the Guideline for Information Security Measures which comprehensively detail recommended security levels and rules that need to be followed.
In addition, each Group company creates a manual detailing rules and things to be careful about during daily tasks as well as various rules and procedures outlining how to implement information security countermeasures. We are also fostering greater awareness among all employees through regular education and training.
Information Security Hierarchy
The NAGASE Group's hierarchy for execution of information security management is as follows.
Information Security Committee
- The NAGASE Group has established an Information Security Committee under the umbrella of the Risk Management & Compliance Committee. The former is responsible for upkeep of the Group's information security, regularly reporting to the Risk Management & Compliance Committee.
- The Information Security Committee presides over formulating and updating basic policies and guidelines on information security, as well as planning, implementing, and evaluating information security measures.
The administration of trade secrets and intellectual property, the handling of trade secrets belonging to the company, the handling of trade secrets and intellectual property rights of third parties, and the protection of personal information are also clearly defined in the Code of Conduct. These stipulations are rigorously communicated within the Group.
We use these measures to appropriately company-held information assets on a daily, ongoing basis, and we strive to properly leverage confidential information and effectively utilize information assets.
Trade Secret Administration
The NAGASE Group recognizes that intellectual property rights are also key company assets and subsequently endeavors to protect these. Intellectual property rights include patents, utility models, designs, trademarks, and authorship rights of computer software. The handling of trade secrets belonging to the company and the handling of trade secrets and intellectual property rights of third parties, are also clearly defined in the Code of Conduct. These stipulations are rigorously communicated within the Group.
Social Media Policy
Social media policy (excerpt)
・Use Social Media with an understanding of its characteristics and potential impact, exercising conscientiousness and responsibility.
・Do your utmost to publish information that is correct.
・Do your utmost to engage in wholesome, quality communication.
Crisis Prevention and Business Continuity Planning
Each NAGASE Group company has taken steps to mitigate such risks as those related to natural disasters that could impact the continuity of business activities as well as the safety and lives of employees. NAGASE has enacted measures for crisis prevention to protect human life and assets as well as business continuity plans (BCPs) to ensure steady operations. As for crisis prevention activities, we annually conduct one drill that coordinates our major domestic bases of Tokyo, Nagoya, and Osaka, checking the first responses during times of crisis, such as the transfer of head office functions. As for BCPs, each department has formulated a recovery plan to assure delivery to major business partners.
Securing satellite office functions in the event of disaster
The NAGASE Group’s training facility NAGASE Global HR Development Center in Shibuya, Tokyo is highly resilient to earthquakes and is equipped with power generators. In an emergency in which the Tokyo head office cannot be used, this facility will function as a satellite office with a 150-person capacity.