Glory strives to avoid operational risks and mitigate losses in times of disasters, ensuring the safety of stakeholder positions.
Glory's Risk Management Committee, chaired by the company's president, works to strengthen the Group's risk management based on the risk management framework and process shown below.
In fiscal 2023, the committee conducted a group-wide assessment to review risk status and implement measures to mitigate the highest-priority risks.
The Risk Management Committee manages the Group's risk management framework and is chaired by the company's president.
The Glory Group applies the PDCA cycle shown on the right to its risk management, including identification, assessment, and formulation of measures. Identified risks are evaluated on two axes (severity and probability), and high-priority risks are managed by the responsible departments, which take preventive measures and establish systems to respond promptly in times of crisis. Basic policies, the risk management structure, and priority measures for the year are deliberated upon and approved by the Risk Management Committee. A summary of these risk management activities is regularly reported to the company's Board of Directors.
In January 2024, the Risk Management Committee identified the highest priority risks and decided upon the policies and measures shown below.
Glory has its own BCPs in place to continue its business and recover promptly in times of crisis, such as natural disasters. To ensure a stable supply of products and services in such emergency situations, we consistently strengthen our supply chain by diversifying parts procurement to spread risk and conducting regular reviews of emergency manuals and regulations. In fiscal 2023, we conducted BCP drills and updated evacuation procedures at our domestic subsidiaries with manufacturing functions.
As specific measures, we have enhanced our countermeasures against network damage that would impact our business continuity, expanded the coverage of the safety confirmation system, installed satellite phones at main business sites, and stockpiled supplies of food and water for contingencies. In addition, we conduct regular disaster drills to ensure the effectiveness of our disaster countermeasures.
Glory handles a large volume of confidential information concerning matters such as cash processing and settlement processing. Accordingly, we focus on the integrated strengthening of our information security throughout the Group based on the Information Security Basic Policy and Privacy Policy, which stipulate our basic stance and attitude as a Group.
Under the supervision of the Chief Information Security Officer (Group CISO), we have established the Information Security Promotion Section as a company-wide cross-sectional organization to improve the level of information security for the entire Group. The section has been making continuous improvements through the PDCA cycle based on the Information Security Policy. Internal audits are also conducted regularly to check the suitability and effectiveness of the system. In addition, as a measure to strengthen security not only for the Group but also for the entire supply chain, we conduct security surveys of contractors who handle important information to ascertain their security levels and provide guidance on improvements as necessary.
For the purpose of safely and appropriately handling the information assets of our customers, departments concerned with offering systems solutions and services, such as the Service Connect Center (Information processing center), have acquired ISO 27001 certification, the international standard for information security.
| | |
|---|---|
| GLORY LTD. | Service Connect Center, System Development Division, Glory Monitoring Center |
| Domestic group companies | GLORY Technical Solutions Ltd. SC Business Division (formerly GLORY System Create Ltd.), GLORY NASCA Ltd. |
| Overseas group companies | Sitrade Italia S.p.A. |
We are enhancing information security measures, such as introducing ID management systems, systems to prevent unauthorized entry via the Internet, and device control to limit the use of external storage. In addition, to prevent unauthorized use by outsiders, two-factor authentication has been introduced in important systems to strengthen authentication.
For teleworkers, we use VPN lines to ensure network security to prevent leakage of confidential information, and we are also strengthening endpoint security by thoroughly addressing vulnerabilities and introducing anti-virus software and a mobile device management system (MDM).
We have introduced an entrance and exit management system with ID cards or facial recognition along with a key management system to strictly control access and automatically save records.
We also ensure the continuous operation of the IT infrastructure by installing equipment such as private power generators and a UPS (uninterruptible power system).
We respond to constantly changing technologies and social circumstances and conduct level-based employee training to prevent information security breaches.
Our training includes programs for new employees to provide them with a basic knowledge of information security and relevant laws and regulations, and training on supervisor responsibilities for information security so management can acquire the knowledge they need. We also conduct training programs for management-level personnel to deepen understanding of social trends (external environment) and our status (internal environment) related to information security.
We also conduct an annual, group-wide e-learning program in October during Corporate Ethics Month to strengthen the information security literacy of employees. Due to the increased risk of information leaks from telework, we provide employees with training on risk prevention compliance.
In preparation for information security incidents such as data leaks, malware infection, and unauthorized access, we have established a system for minimizing damage, promptly recovering, and preventing recurrence. G-CSIRT (Glory Computer Security Incident Response Team), which plays a central role in this effort, joined the Nippon CSIRT Association, an industry group, in 2014 and has been enhancing its incident response capabilities through such initiatives as gathering and sharing information and acquiring related skills. The system is being further strengthened to enhance the response to incidents in products, services and at offices.