SGH

Risk Management/Information Security

Risk Management/BCP

In our management, the SG Holdings Group regard as risks all factors that might have an impact on our business. For each category of risk, we make an appropriate assessment of the potential impact on our business, and take appropriate measures based on our Risk Management Regulations, while minding the relevant laws and changes in the social environment. For identified risks, our aim is to minimize the potential losses these risks might cause by taking the necessary measures.

As a group, we are mindful of the following risk categories. (quoted from Risk Management Regulations)

  • Strategic risks
    Risks to management or to the execution of business plans
  • Operations risk
    Risks to our day-to-day operations and business activities
  • Financial reporting risk
    Risks associated with external reporting of disclosure items that might have a significant impact on our financial statements, or on the trustworthiness of our financial statements.

Systems

SG Holdings’ President and COO is the people who bear responsibility for the group. In addition, we have established the following persons and departments of responsibility, to promote risk management for the group as a whole.

SG Holdings Group Risk Management Systems

SG Holdings Group Risk Management Systems

Risk Management at Normal Times

Under normal circumstances, risk management is effectively and efficiently executed for the Group as a whole by managing risk in the following flow in Group companies.

Risk Management Flow

Identification

Understanding risks and centrally managing them for the Group

Evaluation

Classifying and prioritizing risks according to impact and frequency, and visualizing them using a risk map

Countermeasures

Development of countermeasures in accordance with the order of priority

Review

Quarterly review of the Group’s risk identification, evaluation, and countermeasures

Risk Map
Risk Map

BCP/BCM for Major Damage, Accidents

Due to the particular characteristics of the logistics business, we regard natural calamities and accidents as risks of particular significance. To ensure the continuity of Group operations in the event of a major earthquake, a natural disaster such as wind and water disasters, fire, explosion or other accident or contingency, the Group has formulated a Business Continuity Plan (BCP) clearly setting forth an action plan starting from initial response through the restart of business activities. We continue to work assiduously on Business Continuity Management measures to ensure that the BCP works as effectively as envisioned.

Safety Check Training

For all group employees in Japan, we conduct response training twice a year using Safety Check Systems. Based on the BCP, we have set a target rate of 90% for responses within 24 hours after the occurrence of an incident.

Business Continuity Training

We conduct joint business continuity training throughout the Group once a year. In fiscal 2023, SG Holdings and a total of 13 Group companies in Japan conducted first response training assuming the occurrence of a disaster affected the entire headquarters. In addition, through training assuming the scenario of the Kumamoto Earthquake, we verified the effectiveness of the coordinated response system of each company for the continuation of express package delivery services business of Sagawa Express, which is a priority business for the Group to resume.

SG Holdings Group BCM Systems (in Japan)

SG Holdings Group BCM Systems (in Japan)

Information Security

The SG Holdings Group considers the protection of information assets an important social responsibility. We have formulated an "Information Security Basic Policy" and a "Personal Information Protection Policy" and work toward strengthening information security.

Information Security Basic Policy

Personal Information Protection Policy

Information Security System

SGH-CSIRT (Computer Security Incident Response Team)

Enhanced information security management systems are now more critical than ever as the potential danger from a wide range of cyberattacks originating outside the company has grown significantly over the past several years. At SG Holdings Group, in addition to our administrative systems of the past, which are designed to protect our information assets as well as ensure continuous and efficient operation and social trust in our company by appointing the Director in charge of Corporate Planning as the Information Security Supervision Manager, we have established SGH-CSIRT, a dedicated team handling information security issues throughout the Group as a whole, to minimize harm through prevention of data security accidents, and fast response when incidents occur.

Initiatives

Implementation of Security Assessment

The implementation of security assessments for evaluating information security management and responses is effective for preventing serious information security incidents and minimizing damage. SG Holdings Group implements planned and highly effective measures, based on assessments by an external information security specialist company, and our three-year security policy road map. Specifically, the targeted security level is set with an understanding of the internal and external environment, issues leading to this are identified and solutions are determined for each issue as prioritized.

Information Security Training for Employees

For all Group employees, in Japan and abroad, we hold group confirmation of the Security Handbook twice a year, followed by comprehension tests. We provide response training for targeted e-mail attacks, where we study first actions, for example, counting the number of times an attached file is opened, the number of clicks on link URLs, and reports to senior managers. Furthermore, for employees who fail to make the appropriate responses, we have e-learning follow-up training and other ongoing education.


Building a Responsible Management Foundation