The Mitsui Fudosan Group believes that appropriate handling of various risks surrounding business and minimizing their impact on management serve as the basis for realizing healthy business activities and fulfilling CSR objectives.
Therefore, we have secured readiness to adopt flexible approaches appropriate for changes in the business environment.
Readiness of Risk Management (From January 1, 2008)
Establishment of Risk Management Special Committee
The Executive Management Committee supervises overall risk management for Mitsui Fudosan and the Mitsui Fudosan Group, and the Strategy Planning Special Committee and Risk Management Special Committee manage business risk (*1) and administrative risk (*2), respectively, under the Executive Management Committee's supervision.
The Risk Management Special Committee manages overall business risk and we have established a PDCA (Plan-Do-Check-Act) cycle. As such, we have established a system to enable more accurate implementation of crisis response and preventative risk management. The Risk Management Special Committee convened once a month in fiscal 2008 and held a total of 12 meetings. They uncovered and comprehended risk issues, examined and devised preventive measures and countermeasures and transmitted information throughout the Company as necessary.
In addition, the Risk Management Regulations and the Administrative Risk Management Rules were established in April 2008. We are continually engaging in the development of company regulations and other rules concerning risk management.
(*1) Business risk: Risks mainly due to promotion of business and obtaining profits, including development risks, leasing risks and market risks.
(*2) Administrative risks in ordinary operations, including disaster risks, system risks, clerical risks and compliance risks.
Major Items on the Agenda of the Risk Management Special Committee
- Occurrence of incidents or accidents and status of responses
- Compliance status
- Status of conducting compliance training
- Status of occurrence of violations to company regulations and preventative measures
- Personal information protection plan for the Company and Group companies
- Diffusion of risk / crisis-related information throughout Group companies
- Status of progress of J-SOX
Crisis Response System
With the aim of flexibly adapting to the occurrence of crises such as accidents and disasters, the Crisis Management Subcommittee was established by the Risk Management Special Committee to, among other duties, grasp the circumstances and determine matters such as response policies. They convened nine times in fiscal 2008.
On the other hand, for the purpose of facilitating quick communication upon occurrence of a crisis, the portable leaflet entitled "Instructions for Crisis Response" has been distributed to all employees. This leaflet, which includes a description of the basic policy of "all staff shall fulfill their social responsibilities by immediately devoting their utmost efforts to minimizing damages," indicates communication rules and a communication network to be prepared as a contingency to effectively share information.
Instructions for crisis response
Establishment of Emergency Headquarters
In the event of a massive earthquake at or over the lower 6 level on the Japanese intensity scale and hitting the area centered on the Tokyo metropolitan area, an Emergency Headquarters will be set up in the Company's head office. The Emergency Headquarters will work together with the task force in each department to check damages of the Company's owned and/or managed properties, confirm the safety of employees and other related parties, and engage in the collection and sharing of information. The latest equipment and facilities as well as private electric generators have been installed in the space for the Emergency Headquarters located in Mitsui No. 2 Building (Chuo-ku, Tokyo) to be prepared for the occurrence of a massive earthquake.
Space for Emergency Headquarters
Formulation of BCP
We are also promoting the formulation of a Business Continuity Plan (BCP) to prevent suspension of operations when a massive disaster or such occurs. After drawing up specific plans in each major department, we worked on the formulation of a company-wide executive plan and completed the first edition in June 2009. In tandem with such measures, we are promoting the formulation of a BCP for companies carrying out the operation or management of buildings, retail properties, hotels and rental housing (Group companies).
Furthermore, as for information systems, in addition to the data center in Tokyo that is already added with anti-seismic reinforcement, a Disaster Recovery (DR) Center was developed to back up information systems during a disaster in August 2008 in an area outside of Tokyo. To prepare for the occurrence of an actual disaster, we have conducted a test to switch over to the DR Center and have confirmed that it operates smoothly.
Measures against New Strain Influenza
In fiscal 2008, we stockpiled masks, etc. to prepare against the new strain influenza and also began to formulate countermeasures. The aim is to incorporate this into the BCP and we are currently clarifying the minimum operations necessary to realize the continuation of business and are reviewing measures to be taken, such as restrictions on coming to the office.
Other Disaster Prevention Countermeasures
The following are additional measures taken for disaster prevention.
- The leaflet entitled "First Actions upon Occurrence of Earthquakes and Other Disasters" is distributed to employees. It clarifies what the employees should do as an initial response in the event of an emergency.
- The Japan Meteorological Agency's Earthquake Early Warnings is introduced to each department, including branch offices. In conjunction with the company broadcast, we have developed a system to inform people in the Company about the movements of seismic tremors.
- We are working to enhance disaster prevention devices such as the introduction of satellite-based mobile phones and an MCA wireless apparatus to communicate in the case of disasters. Furthermore, we are also preparing an increased amount of stockpiled food and drinks, emergency toilets and other emergency supplies as needed.
First Actions upon Occurrence of Earthquakes and Other Disasters
Mitsui Fudosan appoints the chairperson of the Risk Management Special Committee as a general director of information security management. Under the general director's supervision, a chief administrator, manager, group leader and other leadership are assigned at each organizational level. Among other leadership, chief administrators address risk management concerning information security through organizational efforts aimed at every employee's compliance with the Information Management Rules and other related company regulations already prepared.
Personal Information Protection
Under the aforementioned information security management system, the Mitsui Fudosan Group complies with laws and regulations related to personal information protection. For the purpose of appropriately utilizing and managing personal information, the Mitsui Fudosan Group implements and maintains its Personal Information Protection Policy.
In addition, the Mitsui Fudosan Group strives to reinforce the system and cultivate awareness through the following efforts.
- Formulation and application of Guidelines for Personal Information Protection
We have been working to familiarize employees with the Guidelines for Personal Information Protection and placing importance on effectiveness by including a link on the top page of the internal portal and using a Q&A format to explain the text. To that end, we have formulated detailed Guidelines, including the response flow when incidents occur.
- Training through e-learning
Training through e-learning
Training on personal information protection is provided through e-learning and is divided into two courses, a basic course (for new employees) and an applied course, each conducted twice a year. Nearly 100% of employees take the courses, which provide practical training based on case examples of incidents both within and outside the company and are reexamined every year.
- Preparation of Personal Information Protection Plan
An inventory of all personal information held by each department is conducted once a year, and a Personal Information Protection Plan based on issues from the previous fiscal year is prepared at the beginning of each fiscal year. The Plan is subject to an audit in autumn and flaws revealed by the audit are corrected within the fiscal year to establish the PDCA cycle.
- Maintenance and enhancement of personal information protection at Group companies
We have been continually checking circumstances and providing guidance to Group companies on their status of establishing company regulations related to personal information protection and the handling of personal information on their websites.
- Thorough management of subcontractors
We have defined the criteria for selecting subcontractors and have completed and execute a standard contract that encompasses management of personal information. Further, each department and Group company is instructed to regularly confirm that personal information protection is sufficiently carried out in the operations of the subcontractors.