CSR activities in FY2023

Risk Management

Basic approach to risk management

We have developed a Risk Management Policy that outlines our basic approach to the prevention and handling of risks that may hamper the execution of the Group’s business, and the Risk Management Regulations that set forth risk management organizations and their roles. Through these measures, we are promoting group-wide risk and crisis management and BCP/BCM (Business Continuity Planning/Business Continuity Management).

To prevent risk and minimize the impact of any crises, the Risk Management Committee was established, chaired by the Executive Officer in charge of the ESG Promotion Department (who has oversight of risk management). The committee regularly reviews the various risks surrounding NTN Group business activities, covering risk identification, analysis, evaluation, and treatment. The risks are classified from a comprehensive viewpoint into the 20 risk types listed below, then reduction of each risk is addressed according to its specific nature, with decisions made as to which person and which department are responsible for managing the risk. The results of discussions at the Risk Management Committee are reported to the Board of Directors.

Management process

Relevant risks

Structure

Promotion of BCP/BCM

We have been developing a BCP/BCM structure designed to respond to major earthquakes in Japan and are working to strengthen our disaster response systems, including those of our group companies.
We have completed the formulation of BCP to enable rapid recovery at all production sites around Japan. Development of BCM continues: we are carrying out annual training (BCP drills) to assess the effectiveness of the continuity plans and management, and have taken necessary advance measures.

Strengthen information security

Strengthening the Computer Security Incident Response Team

In response to increasing risks of cyber-attack and data breaches and in view of the importance of information security today, we have established a Basic Policy of Information Security alongside our Environment Policy, Human Rights Policy, Safety and Health Basic Policy and Procurement Policy as one of the NTN Group’s basic policies set forth under our Management Policy.

(Check here for The Basic Policy of Information Security)

As cyber-attacks become ever more complex and sophisticated, NTN and other companies are frequently suffering similar damage such as data breaches. In case of an information security incident, a rapid response to information security risks is required, from detection to reporting and resolution. Therefore, we have been developing a cross-cutting emergency system for handling information security risks, the NTN Computer Security Incident Response Team, or NTN-CSIRT. It started in FY2023, at the same time as the operation of the Security Operation Center (SOC), which monitors cyber threats around the clock to provide advance detection of attacks.

As personal security management measures, we offer information security incident drills, training on dealing with fraudulent emails, as well as e-learning to deepen understanding of information security-related rules and of how to deal with information security threats.

[Purposes of developing the information security emergency response system (NTN-CSIRT)]

(1) Detect information security risks and accelerate communication, reporting, handling, and recovery in case of risk occurrence

(2) Reduce risk of and prevent information security incidents

(3) Strengthen governance to enhance information security