We have long been engaged in the development of a framework for identifying and responding to risks, and are seeking to strengthen risk management for the purpose of shoring up our management and financial foundations, based on the policies under the mid-term management plan, in order to respond to changes in the business environment.
Specifically, the Management Meeting and other meetings are held periodically to identify social and economic trends, and to discuss measures in response to major management risks. In addition, with regard to the risks of each business, management monitors business operations primarily through the Council of Business Unit Managers, and provides prompt instructions in response to major business risks.
We also have a framework in place for preventing the occurrence of risks and promptly responding to risks that have materialized, primarily by establishing regulations and guidelines pertaining to factors such as safety and health, the environment, quality, compliance, business continuity during large-scale disasters, management of personal information and information security, and through the utilization of management systems.
Risk Management System
Regarding individual operations such as construction orders, real estate transactions and other business investments, we have established the “Head Office Risk Management Council,” “Orders Received Council,” “Overseas Orders Council,” “Real Estate Transaction Council” and “Business Investments Council” as cross-departmental structures for reviewing risks beforehand.
Flow of Discussion of Major Risks
In preparation for discussions of major management risks, management discusses measures to be taken in response to major risks through developing a shared language for our risk models and risk definitions, assessing and evaluating risks comprehensively, and identifying risks. During the discussions of material risks, measures are developed from a comprehensive and long-term perspective, and concrete response measures are taken from a strategic perspective at the Strategies Meeting and other meetings, as needed.
Business Continuity Management (BCM)
We came up with a business continuity plan (BCP) in 2008, in preparation for large-scale disasters, and received a certification for “Construction Company Continuity Capacity During Disasters” from the MLIT Kanto Regional Development Bureau in 2009. We have renewed this certification every two years since.
Our efforts in business continuity include establishing a training plan based on our BCP and having executives participate in training and workshops alongside other staff. This allows us to notice and review relevant issues and implement a PDCA cycle, which is then reflected in our BCP.
In BCM, in order to secure a working environment for our employees, we are refining internal systems by distributing emergency supplies, such as food and drink that would be required during blackouts and/or phone line congestion, in line with Tokyo Metropolitan regulations.
In addition, as our head office is located opposite Shibuya Station, one of Japan’s major transportation hubs, we are a part of a council comprising Shibuya Ward Office staff and local businesses who are responsible for helping people unable to return home in the case of a disaster. We regularly participate in emergency drills run by the Shibuya Ward Office and this council and support these efforts as a member of the community.
Furthermore, we intend to fulfill our social responsibilities by doing our utmost to ensure early restoration of infrastructure – especially access to disaster response routes that are essential for search and rescue.
To do so, we have entered into an agreement to work alongside national and prefectural government agencies and infrastructure companies in the case of a disaster, as well as with our subcontractors.
We have established our Basic Policy on Information Security in order to protect business-related information assets from threats such as information leakage incidents and accidents, and to respond to the trust of society and our clients. In addition, we revised our Information Security Guidelines in March 2019, and are conducting e-learning sessions based on these Guidelines.
Basic Policy on Information Security (established on March 31, 2013)
- In managing information, establish a management system to ensure the security of information assets, and regularly review the system and make improvements as necessary.
- Conduct balanced information security measures from all aspects, including physical, personnel and IT, and implement measures to prevent the occurrence of issues such as information leakage, while promptly responding to any problems that may occur.
- Establish operational systems for promoting information security measures, and clarify the roles and persons in charge.
- Demand clear responsibility, based on the employee regulations or contracts regarding violations of this basic policy as well as related rules and regulations.
- Conduct regular reviews to identify and resolve problems, in order to ensure that this basic policy as well as related rules and regulations are disseminated, implemented and maintained, and that improvements are made continuously.