The Mitsui Fudosan Group believes that appropriate handling of various risks surrounding business and minimizing their impact on management serve as the basis for realizing healthy business activities and fulfilling CSR objectives.
Therefore, we have secured readiness to adopt flexible approaches appropriate for changes in the business environment.
Establishment of Risk Management Special Committee
The Executive Management Committee supervises overall risk management for Mitsui Fudosan and the Mitsui Fudosan Group, and the Strategy Planning Special Committee and Risk Management Special Committee manage business risk (*2) and administrative risk (*3), respectively, under the Executive Management Committee's supervision.
The Risk Management Special Committee manages overall business risk and we have established a PDCA (Plan-Do-Check-Act) cycle. As such, we have established a system to enable more accurate implementation of crisis response and preventative risk management. The Risk Management Special Committee convened once a month in fiscal 2011 and held a total of 12 meetings. They uncovered and comprehended risk issues, examined and devised preventive measures and countermeasures and transmitted information throughout the Company and its Group companies as necessary.
(*2) Business risk: Risks mainly due to promotion of business and obtaining profits, including development risks, leasing risks and market risks.
(*3) Administrative risks in ordinary operations, including disaster risks, system risks, clerical risks and compliance risks.
Readiness of Risk Management (From January 1, 2008)
Crisis Response System
With the aim of flexibly adapting to the occurrence of crises such as accidents and disasters, the Crisis Management Subcommittee was established by the Risk Management Special Committee to, among other duties, grasp the circumstances and determine matters such as response policies. They convened 19 times in fiscal 2011.
Major Items on the Agenda of the Risk Management Special Committee
- Occurrence of incidents or accidents and status of responses
- Compliance status
- Status of conducting compliance training
- Status of occurrence of violations to company regulations and preventative measures
- Personal information protection plan for the Company and Group companies
- Diffusion of risk / crisis-related information throughout Group companies
- Status of progress of J-SOX
Establishment of Emergency Headquarters
In the event of a massive earthquake at or over the lower 6 level on the Japanese intensity scale and hitting the area centered on the Tokyo metropolitan area, an Emergency Headquarters will be set up in the Company's head office. The Emergency Headquarters will work together with the task force in each department to check damages of the Company's owned and/or managed properties, confirm the safety of employees and other related parties, and engage in the collection and sharing of information. The latest equipment and facilities as well as private electric generators have been installed in the space for the Emergency Headquarters located in Mitsui No. 2 Building (Chuo-ku, Tokyo) to be prepared for the occurrence of a massive earthquake.
Formulation of BCP
We are also promoting the formulation of a Business Continuity Plan (BCP) in preparation for the occurrence of a massive disaster or such. Based on BCP, we periodically conduct training sessions and review the plan itself. Furthermore, we are promoting the formulation of a BCP for companies carrying out the operation or management of office buildings, retail properties, hotels and rental housing (Group companies).
Measures against New Strain Influenza
We promote the stockpiling of masks, etc. to prepare against the new strain of influenza and also formulate countermeasures. Envisaging an outbreak of highly virulent types of the new strain influenza, the sorting out of important jobs and the creation of manuals for business continuity are being suggested in the direction of incorporating BCP.
Mitsui Fudosan appoints the chairperson of the Risk Management Special Committee as a general director of information security management. Under the general director's supervision, a chief administrator, manager, group leader and other leadership are assigned at each organizational level. Among other leadership, chief administrators address risk management concerning information security through organizational efforts aimed at every employee's compliance with the Information Management Rules and other related company regulations already prepared. Furthermore, in fiscal 2009, we expanded the former “Personal Information Administrative Office” to become the “Information Security Workshop” as a body reporting to the Risk Management Special Committee.
Personal Information Protection
Under the aforementioned information security management system, the Mitsui Fudosan Group complies with laws and regulations related to personal information protection. For the purpose of appropriately utilizing and managing personal information, the Mitsui Fudosan Group implements and maintains its Personal Information Protection Policy.
In addition, the Mitsui Fudosan Group strives to reinforce the system and cultivate awareness through the following efforts.
Personal Information Protection Efforts
- Formulation and application of Guidelines for Personal Information Protection
We have been working to familiarize employees with the Guidelines for Personal Information Protection and placing importance on effectiveness by including a link on the top page of the internal portal and using a Q&A format to explain the text. To that end, we have formulated detailed Guidelines, including the response flow when incidents occur.
- Training through e-learning
Training on personal information protection is provided through e-learning and is divided into two courses, a basic course (for new employees) and an applied course, each conducted twice a year. Nearly 100% of employees take the courses, which provide practical training based on case examples of incidents both within and outside the company and are reexamined every year.
- Maintenance and enhancement of personal information protection at Group companies
We have been continually checking circumstances and providing guidance to Group companies on their status of establishing company regulations related to personal information protection and the handling of personal information on their websites.
- Thorough management of subcontractors
We have defined the criteria for selecting subcontractors and have completed and execute a standard contract that encompasses management of personal information. Further, each department and Group company is instructed to regularly confirm that personal information protection is sufficiently carried out in the operations of the subcontractors.