Risk Management/Information Security

Risk Management/BCP

In our management, the SG Holdings Group regards as risks all factors that might have an impact on our business. For each category of risk, we assess the potential impact on our business and take appropriate measures based on our Risk Management Regulations, while keeping in mind the relevant laws and changes in the social environment. As new risks come to the fore, we aim to minimize the potential losses these risks might cause by taking the necessary measures.

As a group, we are mindful of the following risk categories. (quoted from Risk Management Regulations)

  • Strategic risks
    Risks to management or to the execution of business plans
  • Operations risk
    Risks to our day-to-day operations and business activities
  • Financial reporting risk
    Risks associated with external reporting of disclosure items that might have a significant impact on our financial statements, or on the trustworthiness of our financial statements.

Systems

SG Holdings' Director in charge of Management and Control is the person who bears responsibility for the group. In addition, we have designated the following responsible persons and departments to promote risk management for the group as a whole.

SG Holdings Group Risk Management Systems

Risk Management at Normal Times

Under normal circumstances, risk management is effectively and efficiently executed for the Group as a whole by managing risk in the following flow in Group companies.

Risk Management Flow

Identification

Understanding risks and centrally managing them for the Group

Evaluation

Classifying and prioritizing risks according to impact and frequency, and visualizing them using a risk map

Countermeasures

Development of countermeasures in accordance with the order of priority

Review

Quarterly review of the Group's risk identification, evaluation, and countermeasures

Risk Map

BCM/BCP for Major Damage, Accidents

Due to the particular characteristics of the logistics business, we regard natural calamities and accidents as risks of particular significance. To ensure the continuity of Group operations in the event of a major earthquake, a natural disaster such as wind and flood damage, fire, explosion or other accident or contingency, the Group has formulated a Business Continuity Plan (BCP) clearly setting forth an action plan starting from initial response through the restart of business activities. We continue to work assiduously on Business Continuity Management measures to ensure that the BCP works as effectively as envisioned.

Safety Check Training

For all group employees in Japan, we conducted response training twice, using Safety Check Systems. Based on the BCP, we have set a target rate of 90% for responses within 24 hours after the occurrence of an incident.

Business Continuity Training

We conduct business continuity training throughout the Group once a year. In fiscal 2018, SG Holdings, along with 18 Group companies from Japan and elsewhere, participated in simulation exercises based on the kinds of advanced composite calamities, such as major typhoons and urban flooding, that have become more frequent recently. (Activity suspended in fiscal 2019 and 2020 to prioritize measures to prevent COVID-19 infections.)

SG Holdings Group BCM Systems (in Japan)

Information Security

The SG Holdings Group considers the protection of information assets an important social responsibility. We have formulated an "Information Security Basic Policy" and a "Personal Information Protection Policy" and work toward strengthening information security.

Information Security Basic Policy

Personal Information Protection Policy

SGH-CSIRT (Computer Security Incident Response Team)

Enhanced information security management systems are now more critical than ever as the potential danger from a wide range of cyberattacks originating outside the company has grown significantly over the past several years. At SG Holdings Group, in addition to our administrative systems of the past, we have established SGH-CSIRT, a dedicated team handling information security issues throughout the Group as a whole, to minimize harm through preemptive prevention of data security accidents, and fast response when incidents occur.

Initiatives

Implementation of Security Assessment

Security assessment is an essential tool for evaluating the effectiveness of data security management systems, to prevent serious information security incidents. SG Holdings Group is implementing highly effective policies, based on our own security assessments and our three-year security policy road map. Specifically, the assessment consists of 1) setting a target level of cybersecurity upon evaluation of the internal and external environment, 2) identifying the challenges to attaining that level, and 3) proposing and prioritizing the required solutions.

Information Security Training for Employees

For all Group employees, in Japan and abroad, we hold group reviews of the Security Handbook twice a year, followed by comprehension tests. We provide response training for targeted e-mail attacks, in which we study first actions, for example by counting the number of times an attached file is opened, the number of clicks on link URLs, and reports to senior managers. Furthermore, for employees who fail to respond appropriately, we provide e-learning follow-up training and other ongoing education.

