In our management, the SG Holdings Group regard as risks all factors that might have an impact on our business. For each category of risk, we make an appropriate assessment of the potential impact on our business, and take appropriate measures based on our Risk Management Regulations, while minding the relevant laws and changes in the social environment. For identified risks, our aim is to minimize the potential losses these risks might cause by taking the necessary measures.

As a group, we are mindful of the following risk categories. (quoted from Risk Management Regulations)

SG Holdings’ President and COO is the people who bear responsibility for the group. In addition, we have established the following persons and departments of responsibility, to promote risk management for the group as a whole.

Under normal circumstances, risk management is effectively and efficiently executed for the Group as a whole by managing risk in the following flow in Group companies.

Due to the particular characteristics of the logistics business, we regard natural calamities and accidents as risks of particular significance. To ensure the continuity of Group operations in the event of a major earthquake, a natural disaster such as wind and water disasters, fire, explosion or other accident or contingency, the Group has formulated a Business Continuity Plan (BCP) clearly setting forth an action plan starting from initial response through the restart of business activities. We continue to work assiduously on Business Continuity Management measures to ensure that the BCP works as effectively as envisioned.

For all group employees in Japan, we conduct response training twice a year using Safety Check Systems. Based on the BCP, we have set a target rate of 90% for responses within 24 hours after the occurrence of an incident.

We conduct business continuity training throughout the Group once a year. In fiscal 2022, SG Holdings and a total of 13 operating companies in Japan conducted training, mainly in the form of remote exercises, to test the effectiveness of a more practical disaster response in the event of a Nankai Trough earthquake.

The SG Holdings Group considers the protection of information assets an important social responsibility. We have formulated an "Information Security Basic Policy" and a "Personal Information Protection Policy" and work toward strengthening information security.

Enhanced information security management systems are now more critical than ever as the potential danger from a wide range of cyberattacks originating outside the company has grown significantly over the past several years. At SG Holdings Group, in addition to our administrative systems of the past, which are designed to protect our information assets as well as ensure continuous and efficient operation and social trust in our company by appointing the Director in charge of Corporate Planning as the Information Security Supervision Manager, we have established SGH-CSIRT, a dedicated team handling information security issues throughout the Group as a whole, to minimize harm through prevention of data security accidents, and fast response when incidents occur.

Security assessment is an essential tool for evaluating the effectiveness of data security management systems, to prevent serious information security incidents. SG Holdings Group is implementing highly effective policies, based on our own security assessments and our three-year security policy road map. Specifically, the assessment consists of 1) setting a target level of cybersecurity upon evaluation of the internal and external environment, 2) identifying the challenges to attaining that level, and 3) proposing and prioritizing the required solutions.

For all Group employees, in Japan and abroad, we hold group confirmation of the Security Handbook twice a year, followed by comprehension tests. We provide response training for targeted e-mail attacks, where we study first actions, for example, counting the number of times an attached file is opened, the number of clicks on link URLs, and reports to senior managers. Furthermore, for employees who fail to make the appropriate responses, we have e-learning follow-up training and other ongoing education.