Governance

RISK MANAGEMENT: ACTIONS

Initiatives in 2024

  • The 20% policy* in incident reporting, theretofore an informal policy, was made official. Employees are now required to report incidents (risk events) early on, and all incident information is inputted to an incident database to enable unified management of the information.
  • Having expanded in ASEAN markets, we established an ASEAN desk to strengthen management of risks in the ASEAN regions.
  • In view of the growing geopolitical tensions and cyberthreats, the Risk Management Committee established subcommittees dedicated to country-specific risks and IT risks (both of which are key strategic themes).
  • We established the Organization-Wide Internal Controls Committee. This committee, chaired by the President and CEO, is responsible for setting organization-wide policies and rules related to internal controls and monitoring whether situationally appropriate internal controls are in place and working effectively.
  • To instill a commitment to sustained and effective compliance, we established a compliance month, a period in which everyone across KOKUYO Group focuses on implementing compliance-related policies.
  • The 20% policy
    Under this policy, employees inform the relevant company or superior about a risk event even if they know only about 20% of the facts (such as the cause of the event or how it is to be addressed).

Strengthening BCP Measures

We have developed a business continuity plan, which we continually review and revise as part of a business continuity planning lifecycle. The plan includes measures for maintaining a stable supply of goods when an emergency such as a natural disaster disrupts operations in our plants or offices. Mindful of the threat of catastrophic events such as earthquakes, extreme storms, flooding, fires, major power outages, and infectious disease, we have reaffirmed the importance of getting the initial responses right and minimizing the damage from such calamities. We therefore use emergency manuals, emergency drills, and similar means to ensure that every employee will act safely in an emergency to safeguard human life.
In view of the rising concern for sustainability (ESG, SDGs), our emergency power sources include solar power systems and reserve batteries.

Managing Information Security Risks

One of our key sustainability-related tasks is to maintain the trust of customers and the public and the trustworthiness of our services. Recognizing the strategic imperative of maintaining information security and safeguarding personal information, we are committed to developing organization-wide processes for managing information and to continuously improving them.

  1. 1.
    Laws and ordinances regarding information security and other standards are adhered to.
  2. 2.
    Personal information is managed according to the Personal Information Protection Policy defined by the KOKUYO Group.
  3. 3.
    Appropriate safety measures are taken in order to prevent unauthorized access to information assets, as well as loss, falsification and leakage, etc. of information assets.
  4. 4.
    Regulations and rules regarding the management and use of information assets are formulated and revised, and education is continually conducted to employees about these regulations and rules.
  5. 5.
    Inspections and improvements are continually conducted on the management system and initiatives related to information security.

Obtaining ISO 27001 Certification

As of the end of 2024, we have obtained ISO 27001 for the data transfer services and document management services provided by the Net Solutions and Document Solutions Departments of the Innovation Center under the Corporate Planning Division.

PAGE TOP