- The Kirin Group establishes risk management systems and works to manage risk to ensure that it can accurately identify and address risks with the potential to seriously impede the accomplishment of its targets or impact its business continuity. Priority risk areas have been defined that include risks related to new strategies or initiatives and risks arising from major changes in the operating environment.
- Group companies identify serious internal and external risks and formulate response measures as part of the process of establishing annual business plans.
- Kirin Holdings promotes Groupwide risk management. Specific measures to this end include putting forth the Group’s risk management policies, confirming that Group companies have effectively identified serious risks, and monitoring the status of response plans relating to these risks and their implementation.
Risk Management PDCA Cycle
Process for designation of serious risk
- Kirin Group companies, in conformance with the group risk management policy, identify and examine the quantitative and qualitative risk associated with their business activities.
- The Group Risk and Compliance Committee Administrative Office (Kirin Holdings Corporate Strategy Department) surveys and investigates all risks. The committee defines serious risks to the Group as risks considered to have a potentially strong impact, a high likelihood of occurring, or widespread ramifications.
Business risk impact and countermeasures
The Kirin Group quantitatively and qualitatively evaluates the potential impact and probability of occurrence of each risk. Risks determined to have a strong potential impact are designated as serious risks. The Group communicates the serious risks to the executive management of Kirin Holdings and each group company, establishes clear roles for each company and department, and prescribes risk reduction measures. The Group regularly monitors the risk conditions and the progress of countermeasures and, when necessary, reevaluates and reviews the status of the serious risks.
Measures against Information Security Risks
The Kirin Group has established a KIRIN-CSIRT (Computer Security Incident Response Team) to respond to increasingly serious threats from cyber-attacks, and is working on measures for information security, which is one of the major risks for the Kirin Group. We have established a security response system within the Group, along with countermeasures on the human, physical and technological sides. By doing this we can strengthen countermeasures against the threat of cyber-attacks, such as virus infections and unauthorized access from outside.
Practice for Privacy Data Protection
From the perspective of respect for human rights, the Kirin Group supports the eight basic principles listed in the “Recommendation of the Council Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data” adopted by the Organization for Economic Cooperation and Development (OECD) and has established the “Kirin Group Privacy Data Protection Policy” to put these principles into practice.
In addition to the eight basic principles, the Kirin Group Privacy Data Protection Policy includes Kirin's own initiatives for continuous improvement in response to changes in social norms and employee education.
We will evaluate each Group company based on the Privacy Data Protection Policy, formulate improvement plans for each company in the future, monitor the status of implementation, and disclose the status of compliance and improvement. We will appoint a responsible officer for privacy data protection at each company and strive to raise understanding and awareness of privacy data protection.
Crisis Management and Business Continuity Planning
- In the event of a crisis, the Group Risk Management Committee shares and exchanges information with domestic and overseas Group companies to provide support and maintain group-wide crisis preparedness.
- In particular, following the Great East Japan Earthquake in March 2011, we have maintained preparedness for large earthquakes or other disasters, and have enhanced our business continuity plan (BCP) by re-examining expected events and the scope of disaster preparedness.
- Specifically, we reassess our business continuity plan and provide disaster training accordingly, as well as implement measures to reduce procurement risks.