Risk Management/Information Security

Risk Management/BCP

In our management, the SG Holdings Group regard as risks all factors that might have an impact on our business. For each category of risk, we make an appropriate assessment of the potential impact on our business, and take appropriate measures based on our Risk Management Regulations, while minding the relevant laws and changes in the social environment. For identified risks, our aim is to minimize the potential losses these risks might cause by taking the necessary measures.

As a group, we are mindful of the following risk categories. (quoted from Risk Management Regulations)

  • Strategic risks
    Risks to management or to the execution of business plans
  • Operations risk
    Risks to our day-to-day operations and business activities
  • Financial reporting risk
    Risks associated with external reporting of disclosure items that might have a significant impact on our financial statements, or on the trustworthiness of our financial statements.


SG Holdings’ President and COO is the people who bear responsibility for the group. In addition, we have established the following persons and departments of responsibility, to promote risk management for the group as a whole.

SG Holdings Group Risk Management Systems

SG Holdings Group Risk Management Systems

Risk Management at Normal Times

Under normal circumstances, risk management is effectively and efficiently executed for the Group as a whole by managing risk in the following flow in Group companies.

Risk Management Flow


Understanding risks and centrally managing them for the Group


Classifying and prioritizing risks according to impact and frequency, and visualizing them using a risk map


Development of countermeasures in accordance with the order of priority


Quarterly review of the Group’s risk identification, evaluation, and countermeasures

Risk Map
Risk Map

BCP/BCM for Major Damage, Accidents

Due to the particular characteristics of the logistics business, we regard natural calamities and accidents as risks of particular significance. To ensure the continuity of Group operations in the event of a major earthquake, a natural disaster such as wind and water disasters, fire, explosion or other accident or contingency, the Group has formulated a Business Continuity Plan (BCP) clearly setting forth an action plan starting from initial response through the restart of business activities. We continue to work assiduously on Business Continuity Management measures to ensure that the BCP works as effectively as envisioned.

Safety Check Training

For all group employees in Japan, we conduct response training twice a year using Safety Check Systems. Based on the BCP, we have set a target rate of 90% for responses within 24 hours after the occurrence of an incident.

Business Continuity Training

We conduct business continuity training throughout the Group once a year. In fiscal 2022, SG Holdings and a total of 13 operating companies in Japan conducted training, mainly in the form of remote exercises, to test the effectiveness of a more practical disaster response in the event of a Nankai Trough earthquake.

SG Holdings Group BCM Systems (in Japan)

SG Holdings Group BCM Systems (in Japan)

Information Security

The SG Holdings Group considers the protection of information assets an important social responsibility. We have formulated an "Information Security Basic Policy" and a "Personal Information Protection Policy" and work toward strengthening information security.

Information Security Basic Policy

Personal Information Protection Policy

Information Security System

SGH-CSIRT (Computer Security Incident Response Team)

Enhanced information security management systems are now more critical than ever as the potential danger from a wide range of cyberattacks originating outside the company has grown significantly over the past several years. At SG Holdings Group, in addition to our administrative systems of the past, which are designed to protect our information assets as well as ensure continuous and efficient operation and social trust in our company by appointing the Director in charge of Corporate Planning as the Information Security Supervision Manager, we have established SGH-CSIRT, a dedicated team handling information security issues throughout the Group as a whole, to minimize harm through prevention of data security accidents, and fast response when incidents occur.


Implementation of Security Assessment

Security assessment is an essential tool for evaluating the effectiveness of data security management systems, to prevent serious information security incidents. SG Holdings Group is implementing highly effective policies, based on our own security assessments and our three-year security policy road map. Specifically, the assessment consists of 1) setting a target level of cybersecurity upon evaluation of the internal and external environment, 2) identifying the challenges to attaining that level, and 3) proposing and prioritizing the required solutions.

Information Security Training for Employees

For all Group employees, in Japan and abroad, we hold group confirmation of the Security Handbook twice a year, followed by comprehension tests. We provide response training for targeted e-mail attacks, where we study first actions, for example, counting the number of times an attached file is opened, the number of clicks on link URLs, and reports to senior managers. Furthermore, for employees who fail to make the appropriate responses, we have e-learning follow-up training and other ongoing education.

Building a Responsible Management Foundation