Risk management

Basic concept

To achieve sustainable growth, we appropriately identify all internal and external risks related to our business activities, implement risk countermeasures, evaluate their implementation status, and strive to make improvements.

If a risk becomes apparent, we quickly gather information, assess the situation to minimize the damage or loss caused by the apparent risk, and engage in risk management.

Risk and Compliance Committee

We have a Risk and Compliance Committee as an advisory body to the Board of Directors to build, disseminate, and firmly establish our risk management system and compliance system based on our “Code of Conduct for Risk Management & Compliance”. Furthermore, the Secretariat of the Risk and Compliance Committee handles cases related to risk management and compliance and considers how to respond to them.

In addition, we have a Compliance Consultation and Reporting Desk as an internal reporting system, where individuals can contact us directly.

Risk Assessment

We conduct risk assessments by utilizing the risk management framework of the NAGASE Group.
This enables us to systematically and effectively identify and address potential ESG (Environmental, Social, and Governance) risks.

Business crisis management

In July 2016, we established NCX Business Crisis Management Rules, which can be implemented promptly and appropriately from the initial on-site organizational response of the group, and we make sure that all employees are aware of the rules.

Information security

The NAGASE Group strongly recognizes the importance of protecting data assets owned and managed in the course of conducting business activities. The economic and social losses incurred from information leaks and other accidents are incalculable. As for information security measures, all NAGASE Group employees are aware of the importance and need to work together Group-wide on this matter. Regarding the promotion of information security, we have established the Basic Policy of Information Security, as well as the Guideline for Information Security Measures which comprehensively detail recommended security levels and rules that need to be followed.
In addition, each Group company creates a manual detailing rules and things to be careful about during daily tasks as well as various rules and procedures outlining how to implement information security countermeasures. We are also fostering greater awareness among all employees through regular education and training.

Response System for Cyber Security Incidents

The NAGASE Group has established a CSIRT (Cyber Security Incident Response Team) as an executive organization to prevent information security incidents, detect them early, resolve them early, and minimize damage.
The members of the CSIRT are appointed by the Information Security Committee, and the CSIRT serves as a contact point for reporting information security incidents of the NAGASE Group.

Education Initiatives for Information Security

In order to maintain and improve our information management system, the NAGASE Group regularly implements the following information security training initiatives.

• Once a year, targeted attack training emails are sent out
• Once a year, an e-learning course on information security is conducted
• Thorough familiarization of new employees with the Basic Policy on Information Security