We will introduce and enhance the CRO (Chief Risk Officer) system as E-Plan2025 priority initiative. Responsible for risk management established at the Corporate and each Division Company (RO: We will develop a system of coordination with Risk Officer) and other CxOs to share risk cases and promptly and appropriately instruct countermeasures for the entire group. We will aim for aggressive risk management that can convert risks into opportunities.
Toru Nakayama
Executive Officer CRO
To minimize all risks that prevent the EBARA Group from continuously continuing to exist and develop, we have shifted our focus from conventional activities centered on "responding to individual risks that have emerged" to measures to systematically identify, assess, and minimize risks, and have also shifted the focus to activities that continuously improve those risks. We are building that system.
In order to support the global business development of the EBARA Group, it is necessary to strengthen group governance and risk management systems, including overseas subsidiaries. Accordingly, we have established the Risk Management Panel ("RMP") as an organization that oversees, deliberates, provides guidance for improvement, and supports the risk management activities of the EBARA Group, and has implemented thorough implementation of Group management regulations to strengthen Group governance, as well as a communication system for emergencies.
RMP is chaired by the President and Representative Executive Officer and is comprised of all executive officers. Non-Executive Directors sit on the RMP to provide advice and other assistance as necessary to ensure risk management activities are undertaken with adequate objective supervision. The status of RMP deliberations is reported to the Board of Directors, and the Board of Directors has established a system that enables the Board of Directors to accurately grasp information and exercise supervisory functions.
In addition, in response to changes in the risk situation surrounding our group, risk assessments are conducted on a regular basis, and the risk response system is reevaluated, and the departments responsible for each risk are clarified and reflected in their operation. In addition, as a risk response system, if a company-wide response is required according to the level of importance, a countermeasure headquarters headed by the President and Representative Executive Officer is established to enable prompt reporting, communication, and judgment throughout the company.
CRO offices, including CROs and ROs established in each company, have been established as a risk response system that transcends the boundaries of in-house companies.
We conduct company-wide risk assessments on a regular basis every three years for the risks surrounding our group. In addition, Company-wide risk assessment analyzes the likelihood of occurrence, impact level, and residual risk after countermeasures for our group, from among the risk items that can be assumed. Subsequently, we reevaluated the risk response system through questionnaires and interviews with business managers and division managers, and took measures by clarifying the departments in charge.
In addition, as a risk response system, if a company-wide response is required according to the level of importance, we have set up a countermeasure headquarters headed by the representative executive officer to enable the company-wide reporting, communication, and judgment.
Among the group important risks selected in the company-wide risk assessment, the following events are handled across the entire group.
After responding to and the new corona model, we have been building a BCM system on a global scale through strengthened cooperation with group companies in each country.
We have been developing a BCM system mainly for earthquake response, but we are also preparing for natural disasters such as heavy rains, floods, and typhoons, which have suffered serious damage in recent years. However, other natural disasters such as heavy rain, floods, and typhoons have caused increasingly severe damage in recent years, so we have been working to reduce such damage by preparing physical countermeasures such as sandbags and water bags, especially at our main bases and Group companies in Japan. We are also simultaneously working to raise awareness for disaster preparation and mitigation by distributing disaster preparation guides to every employee and putting disaster response posters up at bases. We are also taking measures against volcanic eruptions such as Mt. Fuji.
Each country's regulations for protecting personal information are being strengthened year by year.
Global insurance has been introduced to strengthen global risk management. Major Group companies take out insurance uniformly for property, liability, and logistics, and we transfer such risks after developing a Groupwide approach to natural disaster risks, contract risks, and more. We will continue to review the items and targets of global insurance to implement efficient and effective risk management.
We believe that providing products and services to support the continued functioning and early recovery of important facilities related to the lives and property of citizens in the event of a major earthquake or large-scale infectious disease is an important part of our business. Accordingly, we have established a business continuity management system and organized our organizational structure and plans.
Initial Activities are led by the local headquarters established in each region, and are engaged in evacuation, rescue, fire fighting, and other activities to ensure the safety of employees and the preservation of assets. At the same time, the business continuity and recovery activities begin, with the intent to mitigate damage to ongoing projects and facilitate the rapid recovery of important business. The Headquarters assesses the status of company-wide activities and provides company-wide instructions and information.
To quickly gather information about the affected areas, we use a safety confirmation system and information sharing sheets on cloud servers. In addition, in order to ensure information sharing, satellite phones have been installed at each site, and key members of the disaster response team carry priority disaster phones. Furthermore, we have established a system to disseminate information from the secretariat of the Osaka Branch in order not to stop disseminating information through the Internet website even if the head office in Tokyo is damaged.
Every year, all domestic bases of the EBARA Group conduct disaster prevention drills based on the assumption of large-scale earthquakes, etc.
and every employee is regularly trained to respond to the safety confirmation system.
In anticipation of a situation in which the head office cannot be established at the head office in Tokyo due to the Tokyo Metropolitan Area Earthquake and other events, a secretariat has been set up at the Osaka Branch to provide remote support for the headquarters, and training is conducted every year.
At major bases, generators, storage batteries, solar panels, etc. are deployed to match the size of the base to secure power supplies in the event of a power outage. We have also deployed portable storage batteries and solar panels at the homes of all executive officers and have established a system that enables quick supervision of business continuity even in the event of a power outage.
We are implementing measures to prevent flooding by installing soil and waterproofing boards at our sales bases and offices where flooding by heavy rains or tsunamis is expected.
Three days' worth of food, water, survival sheets, etc. are deployed as stockpiles in case of disaster.
We have implemented measures outlined in “Tokyo Metropolitan Government’s Handbook on Measures for Stranded Persons”.
We also regularly share a video on our company intranet to raise awareness on why preventing people from returning home all at once after a disaster is important.
Properly manages information assets and does not abuse them. We will also work to protect personal information.
EBARA Group's information security policy defines "EBARA Group 5 Principles on the Handling of Information".
Employees of EBARA Group handle information in accordance with the EBARA Group 5 Principles below.
We have a company-wide system for information security.
We have established various regulations related to and information security, and are operating in accordance with these regulations. We also regularly use various manuals, educational materials and e-learning to improve employee literacy.
The company is working to develop a system infrastructure for data centers and other facilities that are resistant to earthquakes and power outages, and is taking measures to prevent leakage, such as locking and anti-theft measures at business sites, and disposal of documents, storage media, and equipment.
to modernize and optimize systems and software to eliminate vulnerabilities, and to quickly detect and respond to security threats through protection and monitoring with various devices. In addition, encryption and password locking are performed as necessary to reduce the impact of accidents.
in compliance with IT general controls, manages proper ID access rights management, password management, authorization authority and privilege, and standardizes and systematizes system development/construction/maintenance tasks.
establishes and improves incident management, multiplexing of critical equipment and networks, and communication, reporting and recording processes based on backup and management systems.
In view of the need to comply with internationally recognized international standards and frameworks for the standardization and raising of security levels globally from 2022, we decided to comply with CIS Controls, which is an international standard ISO27001 for information security and a non-profit organization in the United States for cyber security, which is a framework for companies to address as cyber security measures.
In addition, with the aim of strengthening security governance required of global companies, we decided to establish a system as Global CSIRT and promote continuous operation and improvement.
For major countries such as to control the export of goods and the provision of technology in cooperation with the international community in order to prevent the transfer of weapons and military-divertable cargo and technology to countries and terrorists that could threaten the safety of the world. the EBARA Group has established the "Basic Policy on Security Trade Control" and is not limited to complying with laws and regulations, but also to undertake voluntary management.We will actively contribute to the maintenance of international peace and security.
Basic Policy on Security Trade Control
1.Compliance with the Export Control Law and the U.S.Reexport Control Regulations of the country of Japan
2.Compliance with the Security Trade Control Regulations of Japan,
3.Controlling of exports in cooperation with the international community, such as the International Export Control Regime.
4.Products and technologies of the EBARA Group In order to promote the proper implementation of security trade control for civilian use only
5. Prohibit any business and transactions relating to specially designated countries and regions, such as North Korea and Iran.
The Company has established a security trade control system with the president and CEO of EBARA, Ltd., and has established a department specializing in security trade control at the head office of Ebara. Each in-house company has a security trade control promotion division that is responsible for compliance with and thorough implementation of export control-related laws and regulations. The division not only prevents violations of laws and regulations, but also endeavors not to engage in transactions that are contrary to corporate social responsibility.
