Sustainability

Risk Management

Glory strives to avoidoperational risks and mitigate losses in times of disasters, ensuring the safety of stakeholder positions.

Risk Management Framework

Glory has established the Risk Management Committee, chaired by the president, to maintain and strengthen risk management for the entire Glory Group. The Glory Group conducts risk assessments periodically,then works with the divisions and individuals responsible for each risk item to regularly implement precautionary measures ,while establishing a system that can respond promptly in times of crisis. The committee discusses measures based on the results of these assessments,and a summary of the discussion is reported to the Board of Directors on a regular basis.

In fiscal 2020, Glory developed measures against critical risks in the Risk Management Committee,and these measures are reflected in the 2023 Medium-Term Management Plan that started in April 2021.We have conducted the same assessment group-wide to grasp overall risk status and implemented measures accordingly to mitigate any risks identified therein.

Risk Management Framework

Risk Management Framework

Risk Identification Process

The Glory Group revises its list of potential risks on an annual basis along with the associated management policy and countermeasures based on changes in the prevailing business environment and progress of our businesses. New risks can be identified in the review based on existing assessment and factors such as internal/external environmental changes. Further assessment and analysis are then conducted based on the level of influence and frequency of occurrence, and key items are identified in the Risk Management Committee to formulate appropriate countermeasures. These risks are included n business risks as required, then disclosed in such documents as Security Reports in connection with the consideration of financial impacts.

The COVID-19 pandemic has accelerated the global shift to cashless transactions, which the Group considers as business risk that should be taken into account. With an increased number of cyber-attacks,we have also identified such information security risks to be stated in the fiscal 2020 Security Report.

 

Business Continuity Plan (BCP)

Simulation drill for a machinery oil spill

Simulation drill for a machinery oil spill

Glory has developed a BCP in preparation for emergencies in order to continue key activities and ensure prompt recovery in times of crisis including natural disasters. To ensure stable supply of products and services during emergencies, we consistently strengthen our supply chain by diversifying the risk of parts procurement, and review emergency manuals and regulations. In fiscal 2020, we developed emergency manuals by divisions based on the specific measures taken against the pandemic.

In preparation for contingencies, we have strengthened our countermeasures against potential damage to important network systems that have a major impact on business continuity, introduced a safety confirmation system, installed satellite phones at main business sites, and stocked supplies of food and water. In addition, we regularly conduct disaster drills to ensure the effectiveness of our disaster countermeasures.

 

Information Security Management System

Glory handles a large volume of confidential information concerning matters such as cash processing and settlement processing. Accordingly, we focus on the integrated strengthening of our information security throughout the Group based on the Information Security Basic Policy and Privacy Policy, which stipulate our basic stance and attitude as a Group.

Measures for Organizational Safety Management

Under the supervision of the Chief Information Security Officer (CISO), we have established the Information Security Promotion Section as a company-wide cross-sectional organization to improve the level of information security for the entire Group. The section has been making continuous improvements through the PDCA cycle based on the Information Security Policy. Internal audits are also conducted regularly to check the suitability and effectiveness of the system. In addition, as a measure to strengthen security not only for the Group but also for the entire supply chain, we conduct security surveys of contractors who handle important information to ascertain their security levels and provide guidance on improvements as necessary.

 

Enhancing Information Security Measures

For the purpose of safely and appropriately handling the information assets of our customers, departments concerned with offering systems solutions and services, such as the Servise Connect Center (Information processing center), have acquired ISO 27001 certification, the international standard for information security.

Business sites and departments that have acquired ISO 27001 certification

GLORY LTD. 3 Departments System Product Development Division, Settlement and Data Service Division, Glory Monitoring Center
Domestic Group companies 1 company GLORY System Create Ltd.
 

Technical Safety Management

We are enhancing information security measures, such as introducing ID management systems and systems to prevent unauthorized entry via the Internet or to limit the use of external storage by device control. In addition, to prevent unauthorized use by stranger, two-factor authentication has been introduced in the important systems to strengthen authentication.

For teleworkers, we use VPN lines to ensure network security to prevent leakage of confidential information, and we are also strengthening endpoint security by thoroughly addressing vulnerabilities and introducing anti-virus software and a mobile device management system (MDM).

Physical Safety Management

We have introduced an entrance and exit management system with ID cards or facial recognition along with a key management system to strictly control access and automatically save records.

We also ensure the continuous operation of the IT infrastructure by installing equipment such as private power generators and a UPS (uninterruptible power system).

 

Information Security Education

Personnel Safety Management

We respond to constantly changing technologies and social circumstances and conduct level-based employee training to prevent information security breaches.

Our training includes programs for new employees to provide them with a basic knowledge of information security and relevant laws and regulations and training on supervisor responsibilities for information security so management can acquire the knowledge they need. We also conduct training programs for managementlevel personnel to deepen understanding of social trends (external environment) and our status (internal environment) related to information security.

We also conduct an annual, group-wide e-learning program in October during Corporate Ethics Month to strengthen the information security literacy of employees. Due to the increased the risk of information leaks from telework, we provide employees with training on risk prevention compliance.

 

Response to Information Security Incidents

In preparation for information security incidents such as data leaks, malware infection, and unauthorized access, we have established a system for minimizing damage, promptly recovering and preventing reoccurrence. G-CSIRT (Glory Computer Security Incident Response Team), which plays a central role in this effort, joined Nippon CSIRT Association, an industry group, in 2014 and has been enhancing response capabilities to incidents through such initiatives as gathering and sharing information and acquiring related skills. The system is being further strengthened to enhance the response to incidents in products, services and at offices.

For more product and support service information,
please select a language from the options below
to be redirected to the appropriate site.