Risk Management System
Economic and political conditions, such social factors as environmental regulations and safety and security systems, natural disasters, and technological innovation in countries around the world have the potential to affect the NYK Group's operations and financial results. Based on its risk management policy and risk management regulations, the NYK Group comprehensively aggregates and controls business risk from a Groupwide perspective and has established a system for responding appropriately to risk.
Risk Management Committee
Meetings of the Risk Management Committee are held twice yearly. At the meetings, NYK officers (including outside directors and audit and supervisory board members) select major risks that could seriously impact management of the Company and evaluate the status of management of those risks. In fiscal 2017, in addition to risks each department is aware of, we endorsed a top-down approach of including comprehensive risks surrounding the Group's business environment.
Further, we prepare a risk map that categorizes risks collected from the entire Company, based on the effect on business management and frequency, and we manage risk accordingly. In fact, since fiscal 2016 we have been expanding our risk management methods to our major group companies, and we have started management and selection of each company's major risk in view of strengthening risk management of the Group as a whole.
In addition, risks that can significantly affect the Companywide business management include operation risk, including major accidents involving vessels or aircraft; country risk; natural disasters and other external factor risk; and compliance risk, such as antitrust law violations.
Information Security Measures
An important facet of the NYK Group's growth strategy is the use of IT to enhance competitiveness. With this in mind, we emphasise managing information security appropriately to control Groupwide risk. As part of these efforts, the IT Strategy Committee and the annual IT Budget Meeting hold deliberations on the NYK Group's information security. In light of the findings of these deliberations, the Information Security Management Committee, which convenes every March, examines the information security of NYK and the NYK Group and decides security measures for the coming fiscal year. Furthermore, the Information Planning and Legal & Fair Trade Promotion groups serve a joint secretariat for this committee.
The Global Infrastructure Planning Department of NYK Business Systems Co. Ltd. and the Information Planning Group prepare, implement, and manage information security policy. We also strengthen information security by having outside experts conduct IT audits.
If an IT problem arises, employees in frontline operations promptly report to senior managers the details of the problem; the extent of the impact on customers, regions, or divisions; and the estimated restoration time. Further, the chief information officer reports IT problems at the executive committee meeting, which is held weekly. Also, the implementation of security measures for digital information has become an important task. Aiming to establish multilayered defences against external attacks and prevent internal information leaks, the NYK Group is strengthening network security, encrypting data, implementing spyware countermeasures, conducting security education for users and technical personnel, and monitoring information leaks.
NYK has prepared business continuity plans (BCPs) for all the major operations in NYK headquarters, so if disasters, accidents, or other events disrupt operations, the Group will be able to maintain its important functions uninterrupted wherever possible, or to quickly restore them if interrupted.
In 2016, NYK included preparations for working from home in its revised BCPs, transferred to a more earthquake resistant data center, and introduced an IT platform that uses cloud computing to enable the sharing of information globally. We have also established an IT tool for information sharing in the event of a natural disaster and conducted a disaster drill using the IT tool.