As corporations deal with constantly-changing business conditions, they also face increasingly diverse, complex risks.
KDDI defines risks as those factors and phenomena that influence the achievement of management objectives. We recognize that strengthening risk management is an important management issue. To ensure the continuation of business and fulfill our responsibilities to society, we promote risk management activities across the Group as a whole.
KDDI's Risk Management and Internal Control Systems
KDDI has established a system to centralize the management of risks, which it defines as factors that have the potential to block the achievement of management objectives. The Corporate Risk Management Division, led by a general manager of the Corporate Risk Management Division, is the core of this system.
To realize sustainable growth across the entire Group, KDDI and its Group companies, including subsidiaries and other affiliates, operate and maintain a Groupwide internal control system, and engage in risk management activities. We also aim to promote operational quality enhancement activities to realize a corporate constitution that prevents risks from materializing.
Risk Management Activity Cycle
KDDI recognizes that in order to prevent a corporate crisis from occurring, it is important to understand the signs of such crises and to put countermeasures in place before the situation worsens.
To that end, we have built a PDCA cycle for risk management activities. We have also put in place a structure for reducing risk and for dealing with risks appropriately when they are discovered.
Information Security Initiatives
Recent years have seen many incidents worldwide in which software virus infections caused by cyberattacks have led to leaks of important confidential information, something which has become a major social issue. The KDDI Group considers the personal information it retains for its customers and the business information it retains for its business partners to be extremely important assets that need to be managed with the strictest care.
We also will strive to enlighten our employees on the importance information security and to enhance security measures, as we work to ensure proper information management.
Information Security Management Framework
To ensure a unified approach to information security for information assets across the Group as a whole, KDDI has established an Information Security Committee chaired by the general manager of the Technology Sector. The committee comprises management, along with the heads of sales, technology, and corporate administrative divisions. This creates a structure that can accurately grasp the status of information security management and promptly implement measures to enhance information security at KDDI itself and throughout the Group.
Efforts to Reduce Information Security Risks
KDDI's efforts to reduce information security risk include preventing leaks of customer information and defending itself against cyber-terrorism. Management of all Company information assets starts with the formulation of policy by the Information Security Committee, which is then implemented through the concerted efforts of our officers and employees. The Information Security Committee is part of our corporate governance framework, which manages risk for the Company as a whole.
In the fiscal year ended March 31, 2017, we established an Information Security Incident Prevention Enhancement Month as a Companywide initiative with the goal of familiarizing employees with the need to comply with information security rules and ensuring their proper application. Through the implementation of this and other initiatives, we are working to enhance employee awareness.
To stand up against increasingly sophisticated, complex information security threats, KDDI also needs to collaborate with external parties. We are actively involved in cross-industry initiatives related to information security.