Basic policies and structure
Basic concepts and policies
SECOM’s approach to risk management is embedded in day-to-day business activities, with the understanding that SECOM’s business of providing security services is risk management itself.
Under the supervision of the President and Representative Director, Executive Officers in charge analyze and assess business risk and fraud risk in the operational areas for which they are responsible. Using the results of risk analysis and assessment, we have summarized the risks at SECOM in the event of large-scale calamities and at ordinary times as follows.
Risk categories in the event of large-scale calamities and at ordinary times
|Large-scale calamity||(1) Large-scale calamity risk||Earthquakes, wind, flood, volcanic disasters, radiation leakage, etc.|
|Ordinary times||(2) Compliance risk||Noncompliance with the Constitutions of SECOM Group in Business and Management, SECOM Group Code of Employee Conduct, other internal rules and guidelines, etc., risk accompanied by establishment or changes in regulations (in tax system, medical system, etc.), breach of law, etc.|
|(3) System risk||Information system shutdown, electronic data extinguishment, large-scale blackout, wide-area circuit disturbance, information communication technology (ICT) related risk, etc.|
|(4) Service providing risk||Risk incurred when providing services (accidents related to security, fire alarm or equipment maintenance, etc.)|
|(5) Administrative work and accounting risk||Input error or input omission in administrative or account processing, estimation error for allowance, etc.|
|(6) Others||Offence from outsiders (groundless rumor, calumniation, theft, terrorism, etc.), risk related to M&A, risk related to new system development, other risk related to business infrastructure (fire on the Company’s premises, pandemic influenza, disease epidemic, etc.), etc.|
In SECOM CO., LTD., under the supervision of the President and Representative Director, and Executive Officers in charge establish rules and manuals, based on the analysis and assessment of business risk and fraud risk in the operational areas for which they are responsible. Rules and manuals cover the daily risk-monitoring system and stipulate preventive measures, prompt and appropriate communication, and emergency preparedness if an incident occurs, all of which are based on risk analysis and assessment. Established rules and manuals are revised as appropriate, in line with changes in external conditions. In addition, to understand risks across the entire company and review countermeasures, we established the Risk Committee, chaired by the Director in charge of risk management and composed of managers from major departments at the head office. The committee meets regularly and reports to the President and Representative Director as necessary.
Meanwhile, Group companies strengthen risk management in line with our basic policy guidelines, and take appropriate measures under SECOM’s direction when important events occur.
IT systemization is essential in order to provide a higher level of security services more effectively to our customers. If information is leaked for some reason, the safety of customers will be severely impacted, and if information is not accurate and cannot be accessed in a timely manner by SECOM staff in the event of an emergency, it will not be possible to provide security services. This means that security operations can only be executed by ensuring the confidentiality, integrity, and availability that are the concept of information security management.
Information security is a core element of SECOM’s business. We therefore place utmost importance on information security, and construct robust information security systems.
For security management, SECOM has appointed an Executive Officer and a department in charge of supervising information security for Group companies. In this way, we strive to ensure information security throughout the entire SECOM Group.
In fiscal 2018, we strengthened information security by partially introducing AI in monitoring cyberattacks. In fiscal 2019, we strove to improve not only our 24-hour, 365-day-a-year monitoring and response but also implement our PDCA cycle. Moving forward, we will engage in even stricter maintenance and management of systems for the implementation, operation, and management of information security.
- In fiscal 2019, there were no incidents concerning breaches of customer privacy, customer data leakage, theft, loss, administrative directives, or complaints by external parties.
Protecting personal information
All employees are required to go through e-learning and confirmation tests on the protection of personal information every year.
SECOM works to achieve a society in which anyone can live with safety and peace of mind, whenever and wherever. In line with this philosophy, we are also committed to initiatives to provide customers peace of mind about their valuable personal information.
With respect to the handling of the personal information that SECOM holds, we comply with laws, government guidelines, and other related standards. Furthermore, we prohibit the use of personal information beyond the scope required to achieve the original purpose and have also established measures to ensure handling within this scope. We also implement the necessary and appropriate security measures to prevent information leakage and strictly manage information by conducting employee training and awareness-raising activities.
Every year, all employees are required to participate in e-learning programs and confirmation tests to ensure adherence to basic items and rules. The internal audit departments conduct periodic inspection for items such as handling of personal information, data management, workplace organization, and access control at each office.
Certification for the Privacy Mark
SECOM has received the Privacy Mark certification from JIPDEC (Japan Information Processing and Development Center). The Privacy Mark certification is granted to business operators that take appropriate measures to protect personal information by using management systems in compliance with JIS Q 15001*.
- JIS Q 15001: Personal information protection management system requirements
Business Continuity Plans (BCPs)
Delivery of relief supplies using SECOM helicopters
The SECOM Group provides services for seamless protection of safety and peace of mind 24 hours a day, 365 days a year. With regard to our BCPs, we define responsibilities and rules and establish facilities and systems in order to continue operations in the event of wide-area and large-scale disasters including earthquakes and typhoons, large-scale blackouts, and pandemics.
In the event of disasters, SECOM immediately ascertains the safety of our employees and their families, as well as the extent of damages to each office. The head office disaster response headquarters cooperates with the regional disaster response headquarters in the affected area to take measures for recovery and business continuity. In order to minimize the interruption of services provided to customers, SECOM organizes foundations to continue business operations such as enhancing our emergency power facilities, multiplexing our means of communication, and deploying emergency supplies. These measures are specified in the “Manual for Response to Wide-area and Large-scale Disasters,” in which SECOM defines detailed methods for response as an organization within the first 24 hours after the occurrence of a disaster, securing a system for fast recovery of operations.
In order to strengthen our disaster response capability, we reviewed the emergency supplies deployed in four locations nationwide: Miyagi, Kanagawa, Chiba, and Mie prefectures. As a result, we quickly delivered useful relief supplies to disaster-stricken areas while utilizing our network of offices spread throughout Japan in the 2018 Hokkaido Eastern Iburi Earthquake, the torrential rains in July 2018, and Typhoon Faxai in 2019.
In recent years, Japan has frequently been struck by disasters such as earthquakes and heavy rain. Amid these conditions, helicopters are useful as one part of BCP. SECOM utilized two helicopters on many occasions including the Great Hanshin–Awaji Earthquake, the Great East Japan Earthquake, and the Kumamoto Earthquake. Helicopters that quickly fly personnel and relief supplies over a wide disaster area are becoming increasingly essential for SECOM’s business continuity. Recently, we have further strengthened our capacity to respond to disasters by replacing a helicopter with a newer model and increasing the number of our helicopter personnel.
Risk management for employees stationed overseas
Countermeasures for situations like terrorism or disasters must cover a wide range spanning from preventive measures to avoid incidents and accidents to response measures in the actual incident.
As risk management for employees stationed overseas, SECOM takes measures such as (1) gathering information on disasters and public security conditions, (2) creating crisis management manuals, (3) holding safety education and training for employees and their families, and (4) strengthening security systems for company facilities and residences. In Japan, we also establish support systems, including gathering, analyzing, and providing information on terrorism and disasters 24 hours a day.
Protecting intellectual property
Active participation by all employees is necessary to achieve SECOM’s fundamental philosophy of conducting business that is beneficial to society, as stated in the Constitutions of SECOM Group in Business and Management. Furthermore, inventions that come from “unique and revolutionary technology and ideas” have extremely high value for the businesses of the SECOM Group, and the utilization of these inventions as intellectual property is essential for SECOM to provide unique business and services that far surpass those of other companies.
Therefore, to encourage employees to create inventions and to promote appropriate management and utilization of intellectual property by the company, we have established rules for handling inventions. Also, we set up the Intellectual Property Page on our intranet for employees to refer to these rules and procedures for submitting inventions at any time.
SECOM also respects the intellectual property rights of other parties. We obtain the intellectual property information of other companies in advance and confirm that the products and services provided by SECOM do not infringe on the intellectual property rights of other parties.
As for brand management, SECOM handles the acquisition and appropriate use of trademarks globally, monitoring and eliminating their unauthorized use (in counterfeit goods) to improve the SECOM brand value.
In fiscal 2019, we carried out activities to promote the protection of our intellectual property, contributing to the fundamental technology, co-creation, and open innovation for realizing the ANSHIN Platform framework.
Inventions at SECOM are mainly made by the Intelligent Systems Laboratory, which conducts research on fundamental technology at a high level, and the R&D Center, which develops new security systems and products utilizing the fundamental technology of the Intelligent Systems Laboratory. The revolutionary inventions created by these sections enable the development and supply of highly reliable systems and services in high quality, providing superior performance unique to SECOM. As of July 31, 2020, SECOM CO., LTD. owns approximately 250 patents pending and approximately 1,000 patent rights.
In July of each year, the SECOM Invention Prize is awarded to employees who created advanced, innovative, and valuable inventions from among the patents that were registered in the previous fiscal year.
Intellectual property page containing invention handling rules and procedures for submitting ideas for inventions
Winners of the Fiscal 2019 SECOM Invention Prize