Glory strives to prevent and avoid operational risks and mitigate losses in times of disasters, ensuring the safety of stakeholder positions.
Glory has established the Risk Management Committee, chaired by the president, to maintain and strengthen risk management for the entire Glory Group. The Glory Group regularly conducts risk assessments and works mainly with predetermined divisions and individuals responsible for each risk item to implement precautionary measures against risks during normal times and to secure and improve a system that can respond promptly in times of crisis. The committee discusses measures based on the results of these assessments. A summary of the discussion is regularly reported to the Board of Directors.
In fiscal year 2019, Glory developed activities based on the annual policy and major items predetermined by the Risk Management Committee. We also strived to grasp the Group-wide status of risks and implement risk reduction by planning and executing measures based on the same risk assessment method applied by Glory to each Group company.
The Glory Group annually revises its list of potential risks along with the associated management policy and countermeasures based on changes in the prevailing business environment and progress of our businesses.
In identifying risks, new risks are recognized through a review of the current assessment and internal and external environmental changes. Assessment and analysis are then conducted according to the level of influence and frequency of occurrence, and key items are identified in the Risk Management Committee for formulating countermeasures. These company-wide risks are also reflected as appropriate in the business risks, which are disclosed as such documents as Security Reports in connection with the consideration of financial impacts.
In recent years, we consider worldwide progress of the cashless system as a risk that should be taken account of within the Group. In fiscal year 2019, the COVID-19 pandemic has been spreading rapidly since the fourth quarter, this has been added to risks to be considered, thereby enhancing the content of business risks disclosed through Security Reports and other appropriate documents.
Glory developed its BCP in preparation for emergencies in order to continue key activities and ensure prompt recovery in times of crisis, including disasters. We have organized a strategy for promptly responding during emergencies to reliably and steadily provide products and services by strengthening the supply chain through diversifying the parts procurement risk and preparing regulations and a manual on disaster response. In fiscal year 2019, we conducted a drill for a possible disaster in the vicinity of the headquarters and in accordance with a BCP in order to identify potential problems.
Moreover, in preparation for contingencies, we have strengthened our response to potential damage to important network systems that have a major impact on business continuity, introduced a safety confirmation system, installed satellite phones at main business sites, stocked supplies of food and water, and regularly conduct disaster drills to ensure the effectiveness of our disaster countermeasures.
Having established the Information Security Promotion Section as a subsidiary organization of the Compliance Committee, we created an information security management system under the supervision of the chief information security officer (CISO) to utilize PDCA cycles in order to promote continuous improvement. We also periodically conduct internal audits to confirm its conformity and validity. In fiscal year 2019, we concentrated on procedures for taking external storage devices out of the office as well as the status of virus scanning.
Furthermore, as the risk of cyberattacks has been increasing, we are strengthening our website security by taking measures to address vulnerabilities such as the security diagnosis of our websites, including those of Group companies. In addition, security measures for the supply chain, including our cooperative firms, outsourcing contractors, and Group companies, involve investigating the level of security of contractors that handle important information and providing directions for necessary improvements, thereby enhancing the security of the overall supply chain.
For the purpose of safely and appropriately handling the information assets of our customers, departments concerned with offering systems solutions and services, such as the GCAN Center (Glory Card and Network Center: information processing center), have acquired ISO 27001 certification, the international standard for information security.
|System Product Development Division, GCAN Center, Glory Monitoring Center|
|Domestic Group companies
|GLORY System Create Ltd.|
We are enhancing information security measures, such as introducing ID management systems and systems to prevent unauthorized entry via the Internet or to limit the use of external storage by device control.
We have introduced an entrance and exit management system with ID cards or facial recognition along with a key management system to strictly control access and automatically save records.
We also ensure the continuous operation of the IT infrastructure by installing equipment such as private power generators and a UPS (uninterruptible power system).
We respond to constantly changing technologies and social circumstances and conduct level-based employee training to prevent information security breaches.
Our training includes programs for new employees to provide them with a basic knowledge of information security and relevant laws and regulations and training on supervisor responsibilities for information security so management can acquire the knowledge they need. We also conduct training programs for managementlevel personnel to deepen understanding of social trends (external environment) and our status (internal environment) related to information security.
We also conduct an annual, companywide e-learning program in October during Corporate Ethics Month to strengthen the information security literacy of employees.
In preparation for information security incidents such as data leaks, malware infection, and unauthorized access, we have established a system for minimizing damage, promptly recovering and preventing reoccurrence. G-CSIRT (Glory Computer Security Incident Response Team), which plays a central role in this effort, joined Nippon CSIRT Association, an industry group, in 2014 and has been enhancing response capabilities to incidents through such initiatives as gathering and sharing information and acquiring related skills.