Risk Management
Risk Management Structure
The risks (crises) faced by companies are not only limited to natural disasters but can arise in various forms. In order to fulfill our social responsibility as a corporation, we have established risk management regulations to avert such risks, minimize damage, and prevent recurrence, and have built a risk management structure in which the President & CEO and Representative Member of the Board acts as the chief responsible officer and the President of the Corporate Planning and Control Division is placed in charge of promotion.
Moreover, we have established a Group-wide CSR Promotion Committee to identify risks connected to corporate activities (unlawful actions by employees, scandals, disaster/accident risks etc.) in NHK Spring's divisions and the other Group companies.
In terms of concrete measures, we have established BCP (Business Continuity Planning) and personal information protection regulations, insider trading prevention regulations and other internal regulations and a risk management manual and are working to prevent risks from arising by conducting education and awareness promotion activities.
We aim for further improvement so that each employee can deepen their understanding of risks on a daily basis, and we can respond appropriately and promptly when unexpected risks occur to resolve them as quickly as possible.
Responding to Risks
In the event where risks become manifested, we take measures to ensure that the responsible and related departments can respond promptly. In cases where emergencies occur in domestic or overseas business sites, we promptly set up a task force in the area concerned and establish a general headquarters at our Head Office to quickly bring the situation under control.
Establishment of a BCM System
The NHK Spring Group has distributed the "NHK Spring Group BCP Basic Policy" and "NHK Spring Group BCP Guidelines" to all group companies in Japan and overseas, and is promoting the establishment of a Business Continuity Management (BCM) system. If a risk situation occurs, a task force is convened under a leader, and the divisions under its jurisdiction and related divisions work in unison to respond quickly based on the basic policies of "human life first," "responsibility to supply customers," and "fulfillment of social responsibility".
Strengthening of the BCM System Through Drills, etc.
At our Head Office, each plant, and domestic Group companies, we are working to strengthen our initial response and business continuity capabilities by first establishing a disaster prevention system as a platform for formulating a BCP that can respond to various risks. Also, we annually conduct initial response drills assuming the scenario of a large-scale earthquake and BCP drills for quickly restoring and continuing business operations. Since the year before last, instead of the conventional training conducted by gathering in a conference room, we have conducted drills remotely to prevent the transmission of COVID-19. Based on the reflections from these drills, we are also reviewing our disaster prevention system and revising our BCP and various procedure manuals to step up our response system in case of risk occurrence so that we can respond to crises in a more practical manner. In addition, in recent years, overseas Group companies have also been gradually implementing initial response drills and BCP drills based on disaster scenarios according to the conditions in their respective regions.
Also, each plant and domestic Group company conducts an annual self-assessment of its BCM system to identify and improve issues related to disaster prevention, BCP, initial response setup, and BCM promotion, and thereby improve the BCM system.
Ensuring Information Security
Information security and company continuity
The NHK Spring Group regards measures to address recently intensifying information security incidents such as cyber-attacks and information leaks as a top priority issue and is implementing a variety of security measures including creation of an information security team, introduction of security software and devices, and security education for employees.
The reason why we have raised the priority level of measures is that the strengthening of information security plays a very important role in ensuring the Company's continuity. We believe that securing a safe and secure foundation prevents or suppresses damage caused by incidents such as information leaks and cyber-attacks and thereby contributes to gaining the trust of customers and other stakeholders, expanding business and strengthening competitiveness.
Moreover, having awareness of cyber-attacks over not only the NHK Spring Group but also the entire supply chain can enable us to avert losses in related industries, secure the Company's continuity and sustain profits.
The NHK Spring Group will continue to leverage IT in the pursuit of business growth and sustainability. At the same time, as we believe that security will play a greater role as risks increase with the advancement of IT utilization, we will continue to strengthen security.
Raising the level of security measures
NHK Spring implements incident response training based on simulations of recent security incidents.
The training primarily consists of checks to ensure that procedures are in place or that incidents can be actually responded to, followed by improvements to identified issues geared to raising the level of the response setup.
Recently, deciding that we still had room for improvement regarding the response speed of our conventional organizational structure, we are planning to launch the CSIRT* as a Company-wide organization for realizing rapid and controlled responses. Through conducting cross-departmental measures (activities to coordinate and control between in-company, customers and supply chains) that were difficult to implement with the former vertically split organization, we aim to speed up our response to emergencies.
* CSIRT (Computer Security Incident Response Team) is a dedicated team for responding to security incidents.