The Mitsui Fudosan Group believes that appropriate handling of various risks surrounding business and minimizing their impact on management serve as the basis for realizing healthy business activities and fulfilling CSR objectives.
Therefore, we have adopted flexible approaches appropriate for the business environment, including a review of the Company's measures.
Readiness of Risk Management (From January 1, 2008)
Establishment of New Risk Management Special Committee
A new system was introduced in January 2008 in which the Executive Management Committee supervises overall risk management for Mitsui Fudosan and the Mitsui Fudosan Group, and the Strategy Planning Special Committee and Risk Management Special Committee manage business risk and administrative risk, respectively, under the Executive Management Committee's supervision.
In the past, various administrative risks were managed by three committees, the Risk Management Special Committee, the Compliance Special Committee and the Internal Control Special Committee. However, with the aim of consolidating the management of risks surrounding the entire Group including the Group companies and reinforcing the preventative risk management system, the aforementioned three special committees were integrated as the newly-established Risk Management Special Committee to develop a system to enable more accurate implementation of crisis response and preventative risk management through establishment of a PDCA (Plan-Do-Check-Act) cycle.
The Risk Management Special Committee convenes about once a month to uncover and comprehend risk issues, examine and devise preventive measures and countermeasures and transmit information throughout the company as necessary.
In addition, the Risk Management Regulations and the Administrative Risk Management Rules were established in April 2008. We are planning to continually engage in the development of company regulations and other rules concerning risk management.
Major Items on the Agenda of the Risk Management Special Committee
- Compliance status
- Status of conducting compliance training
- Changes in organization related to internal control stipulated in the Corporate Law
- Status of occurrence of violations to company regulations and preventative measures
- Personal information protection plan for Group companies
- Status of information security management at Group companies
- Study of methods to diffuse risk/crisis-related information throughout Group companies
Crisis response system
With the aim of flexibly adapting to the occurrence of crises such as accidents and disasters, the Crisis Management Subcommittee was established as a subordinate body of the Risk Management Special Committee in line with the development of risk management measures described above to, among other duties, grasp the circumstances of the occurrence of crises and determine matters such as response policies.
On the other hand, for the purpose of facilitating quick communication upon occurrence of a crisis, the portable leaflet entitled “Instructions for Crisis Response” has been distributed to all employees. This leaflet, which includes a description of the basic policy of “Should a crisis occur, all staff shall fulfill their social responsibilities by immediately devoting their utmost efforts to minimizing damages,” indicates communication rules and a communication network to be prepared as a contingency to effectively share information when crises occur.
Instructions for Crisis Response
Establishment of Emergency Headquarters
In the event of a massive earthquake at or over the lower 6 level on the Japanese intensity scale and hitting the area centered on the Tokyo metropolitan area, an Emergency Headquarters will be set up in the Company's head office. The Emergency Headquarters will work together with the task force in each department to check damages of the Company's owned and/or managed properties, confirm the safety of employees and other related parties, and engage in the collection and sharing of information on the status of affected social infrastructure. The latest equipment and facilities as well as private electric generators have been installed in the space for the Emergency Headquarters located in Mitsui No. 2 Building (Chuo Ward, Tokyo) to be prepared for the occurrence of a massive earthquake.
Space for Emergency Headquarters
Disaster Prevention Countermeasures
The following are additional measures taken for disaster prevention.
- The leaflet entitled “First Actions upon Occurrence of Earthquakes and Other Disasters” is distributed to employees. It clarifies what the employees should do as an initial response in the event of an emergency.
- The Japan Meteorological Agency's Earthquake Early Warnings is introduced to each department, including branch offices. In conjunction with the company broadcast, we have developed a system to inform people in the Company about the movements of seismic tremors.
- In fiscal 2007, we worked to enhance disaster prevention devices such as the introduction of an MCA wireless apparatus used to transmit information in the case of large-scale disasters, in addition to satellite-based mobile phones. Furthermore, we also prepared an increased amount of stockpiled food and drinks, emergency toilets and other emergency supplies.
First Actions upon Occurrence of Earthquakes and Other Disasters
Formulation of BCP
We are also promoting the formulation of a Business Continuity Plan (BCP) to prevent suspension of operations when a massive disaster or such occurs and/or to resume operations at an early stage even when operations are suspended. After drawing up specific plans based on operations of great importance selected in each major department, we have been working on the formulation of a company-wide executive plan. From such efforts, the Disaster Recovery (DR) Center was developed to back up information systems and commenced active operations in autumn 2008.
Mitsui Fudosan appoints the chairperson of the Risk Management Special Committee as a general director of information security management. Under the general director's supervision, a chief administrator, manager, group leader and other leadership are assigned at each organizational level. Among other leadership, chief administrators address risk management concerning information security through organizational efforts aimed at every employee's compliance with the Information Management Rules and other related company regulations already prepared.
Efforts for Personal Information Protection
Under the aforementioned information security management system, the Mitsui Fudosan Group complies with the Act on the Protection of Personal Information and other relevant laws and regulations. For the purpose of appropriately utilizing and managing personal information, the Mitsui Fudosan Group implements and maintains its Personal Information Protection Policy.
In addition, the Mitsui Fudosan Group strives to thoroughly protect personal information by reinforcing the system and cultivating awareness through the following efforts.
- Formulation and application of Guidelines for Personal Information Protection
We have formulated and continue to apply the detailed Guidelines for Personal Information Protection, including the response flow related to conveying information, investigating causes and considering recurrence prevention measures when incidents occur. We have been working to familiarize employees with the guidelines and placing importance on effectiveness by including a link to the Guidelines on the top page of the internal portal and using a Q&A format to explain the text in an easy-to-read style.
- Training through e-learning
Training on personal information protection, which is mandatory for all employees, is provided through e-learning and is divided into two courses, a basic course (for new employees) and an applied course, each conducted twice a year. Nearly 100% of employees take the courses, which provide practical training based on case examples of incidents both within and outside the company and are reexamined every year to contribute to improved awareness of personal information protection on an ongoing basis.
- Preparation of Personal Information Protection Plan
A Personal Information Protection Plan for each department has been formulated and applied since 2005. An inventory of all personal information held by each department is conducted once a year, and a Protection Plan based on issues from the previous year is prepared at the beginning of each fiscal year. The Plan is subject to an audit in autumn and flaws in the Plan revealed by the audit are corrected within the fiscal year to establish the PDCA cycle for each year.
- Thorough management of subcontractors
We have defined the criteria for selecting subcontractors that handle personal information and have completed and execute a standard contract that encompasses the confidentiality and supervision of the safe management of personal information. Further, each department is instructed to regularly confirm that personal information protection is sufficiently carried out in the operations of the subcontractors.
- Maintenance and enhancement of personal information protection at Group companies
We have been working to enhance the personal information protection system at Group companies by continually checking circumstances and providing guidance to establish company regulations related to personal information protection and the handling of personal information on their websites.
