Glory strives to avoidoperational risks and mitigate losses in times of disasters, ensuring the safety of stakeholder positions.
Glory has established the Risk Management Committee, chaired by the president, to maintain and strengthen risk management for the entire Glory Group. The Glory Group conducts risk assessments periodically,then works with the divisions and individuals responsible for each risk item to regularly implement precautionary measures ,while establishing a system that can respond promptly in times of crisis. The committee discusses measures based on the results of these assessments,and a summary of the discussion is reported to the Board of Directors on a regular basis.
In fiscal 2021, we developed measures against critical risks in the Risk Management Committee. We have conducted the same assessment group-wide to grasp overall risk status and implemented measures accordingly to mitigate any risks identified therein.
The Glory Group annually revises its list of potential risks and associated management policies and countermeasures, based on changes in the prevailing business environment and progress of our businesses. The Risk Management Committee identifies potential risks in the review based on existing assessment and factors such as internal/external environmental changes. The Committee then conducts assessment and analysis of these risks based on the level of impact and frequency of occurrence, and formulates countermeasures against the risks of high significance. These risks can be disclosed as business risks in Security Reports etc if its financial impacts are considered high.
In February 2022, we discovered an incident of embezzlement by a former employee of a domestic consolidated subsidiary. Although risks related to such incident had previously been identified, their significance had been considered low. With proper recognition of their significance, we are currently working to ensure thorough implementation of preventive measures established in May 2022 throughout the Group.
The COVID-19 pandemic has accelerated the global shift to cashless transactions, which the Group considers as a business risk to be addressed. We are also working to address other risk factors such as parts shortage, high material prices and logistics costs, and sales postponement.
Glory has developed a BCP to continue its key activities and recover promptly in times of crisis, such as natural disasters. To ensure stable supply of products and services during emergencies, we consistently strengthen our supply chain by diversifying the risk of parts procurement and conduct regular review on emergency manuals and regulations. In fiscal 2021, we conducted a BCP drill at our domestic subsidiaries with manufacturing capability.
In preparation for contingencies, we have strengthened our countermeasures against potential damage to important network systems that have a major impact on business continuity, introduced a safety confirmation system, installed satellite phones at main business sites, and stocked supplies of food and water. In addition, we regularly conduct disaster drills to ensure the effectiveness of our disaster countermeasures.
Under the supervision of the Chief Information Security Officer (CISO), we have established the Information Security Promotion Section as a company-wide cross-sectional organization to improve the level of information security for the entire Group. The section has been making continuous improvements through the PDCA cycle based on the Information Security Policy. Internal audits are also conducted regularly to check the suitability and effectiveness of the system. In addition, as a measure to strengthen security not only for the Group but also for the entire supply chain, we conduct security surveys of contractors who handle important information to ascertain their security levels and provide guidance on improvements as necessary.
For the purpose of safely and appropriately handling the information assets of our customers, departments concerned with offering systems solutions and services, such as the Servise Connect Center (Information processing center), have acquired ISO 27001 certification, the international standard for information security.
|GLORY LTD. 3 Departments||System Product Development Division, Settlement and Data Service Division, Glory Monitoring Center|
|Domestic Group companies 1 company||GLORY System Create Ltd.|
We are enhancing information security measures, such as introducing ID management systems and systems to prevent unauthorized entry via the Internet or to limit the use of external storage by device control. In addition, to prevent unauthorized use by stranger, two-factor authentication has been introduced in the important systems to strengthen authentication.
For teleworkers, we use VPN lines to ensure network security to prevent leakage of confidential information, and we are also strengthening endpoint security by thoroughly addressing vulnerabilities and introducing anti-virus software and a mobile device management system (MDM).
We have introduced an entrance and exit management system with ID cards or facial recognition along with a key management system to strictly control access and automatically save records.
We also ensure the continuous operation of the IT infrastructure by installing equipment such as private power generators and a UPS (uninterruptible power system).
We respond to constantly changing technologies and social circumstances and conduct level-based employee training to prevent information security breaches.
Our training includes programs for new employees to provide them with a basic knowledge of information security and relevant laws and regulations and training on supervisor responsibilities for information security so management can acquire the knowledge they need. We also conduct training programs for managementlevel personnel to deepen understanding of social trends (external environment) and our status (internal environment) related to information security.
We also conduct an annual, group-wide e-learning program in October during Corporate Ethics Month to strengthen the information security literacy of employees. Due to the increased the risk of information leaks from telework, we provide employees with training on risk prevention compliance.
In preparation for information security incidents such as data leaks, malware infection, and unauthorized access, we have established a system for minimizing damage, promptly recovering and preventing reoccurrence. G-CSIRT (Glory Computer Security Incident Response Team), which plays a central role in this effort, joined Nippon CSIRT Association, an industry group, in 2014 and has been enhancing response capabilities to incidents through such initiatives as gathering and sharing information and acquiring related skills. The system is being further strengthened to enhance the response to incidents in products, services and at offices.