Risk Management

Risk Management System

The risk management systems adopted by the Company are based on the Risk Management Rules outlining basic policies and management systems concerning risk management, with the President and Representative Director as the highest management executive.

The Risk Management Committee established by the President and Representative Director is the central organization for Group-wide risk management. It works to identify and assess various risks, as well as specify priority risks, and consider countermeasures. Based on the policies of the Committee, individual business divisions and departments coordinate risks relating to their own particular business domains and functions. Results are reported to the Board of Directors through the Committee. The Board of Directors considers responses to important risks that the Committee thinks may have a significant impact on the Group's business activities. When an important risk is recognized to be manifesting, units for taking countermeasures tailored to the expected severity are organized, and prompt and appropriate action is undertaken.

In addition to the above, product market risks arising from daily business activities are handled by individual business divisions, and financial risks by the Accounting & Finance Department and related business divisions.

Functions and Positioning of the Risk Management Committee

Figure: Functions and positioning of the Risk Management Committee

Business Continuity Plan (BCP)

The NH Foods Group has formulated scenarios that have a significant impact on business, such as responses in the event of a large-scale natural disaster, a pandemic, or an emergency in a country where we operate overseas. The Group has established a system for selecting priority operations with the safety of our employees being given top priority. In addition, we regularly update and revise our disaster prevention and BCP manuals, ensuring we have built a system that leads to reliable business recovery measures.

Information Security Measures

The Group recognizes that information security is a major issue affecting operations, conducts risk assessments for the Group as a whole, and implements appropriate information security measures in a deliberate manner.

In addition to the NH Foods Group IT Security Management Regulations, which are universal IT security regulations for the entire Group, we have also established the NH Foods Group IT Security Management Rules, which sets out more detailed rules based on the regulations, and the IT Security Manual which contains information such as specific procedures. These are shared with all Group employees.

With regard to IT security measures, in addition to security measures for devices such as networks and PCs centered around the NH Foods Ltd. IT Strategy Department and Nipponham System Solutions Ltd., risk analyses by specialized outside companies and information security e-learning and targeted attack e-mail training for all Group employees are regularly conducted.

In recent years cyberattacks targeting companies and organizations have become more sophisticated and diverse, and the threat to information security has increased. Use of smart devices and cloud services is also rising, meaning the scope of information security considerations has grown.

As a result, comprehensive information security measures that covers an entire network, rather than partial security measures optimized for a specific section, are now essential.

Therefore, from fiscal 2022, we establish a joint system with a security partner company that can provide comprehensive support covering every aspect of IT security and we continue to strengthen information security.

Also, ransomware attacks in particular are spreading wildly across the globe and there have been many cases where this has caused damage and even halted business operations. We are reinforcing a framework to detect unauthorized access at an early stage and respond swiftly.

Basic Flow of Response to Information Security Incident

Figure: Basic flow of response to information security incident

* SOC (Security Operation Center) : An expert organization that detects and analyzes cyberattacks and provides advice on how to respond