Basic policies and structure

Basic concepts and policies

SECOM’s approach to risk management is embedded in day-to-day business activities, with the understanding that SECOM’s business of providing security services is risk management itself.

Under the supervision of the President and Representative Director, Executive Officers in charge analyze and assess business risk and fraud risk in the operational areas for which they are responsible.

The analysis and assessment is conducted under the classification of risks as below.

Structure

In SECOM CO., LTD., under the supervision of the President and Representative Director, and Executive Officers in charge establish rules and manuals, based on the analysis and assessment of business risk and fraud risk in the operational areas for which they are responsible. Rules and manuals cover the daily risk-monitoring system and stipulate preventive measures, prompt and appropriate communication, and emergency preparedness if an incident occurs, all of which are based on risk analysis and assessment. Established rules and manuals are revised as appropriate, in line with changes in external conditions. In addition, to understand risks across the entire company and review countermeasures, we established the Risk Committee, chaired by the Director in charge of risk management and composed of managers from major departments at the head office. The committee meets regularly and reports to the President and Representative Director as necessary.

Meanwhile, Group companies strengthen risk management in line with our basic policy guidelines, and take appropriate measures under SECOM’s direction when important events occur.

Information security

IT systemization is essential in order to provide a higher level of security services more effectively to our customers. If information is leaked for some reason, the safety of customers will be severely impacted, and if information is not accurate and cannot be accessed in a timely manner by SECOM staff in the event of an emergency, it will not be possible to provide security services. This means that security operations can only be executed by ensuring the confidentiality, integrity, and availability that are the concept of information security management.

Information security is a core element of SECOM’s business. We therefore place utmost importance on information security, and construct robust information security systems.

For security management, SECOM has appointed an Executive Officer and a department in charge of supervising information security for Group companies. In this way, we strive to ensure information security throughout the entire SECOM Group.

In recent years, we strengthened information security by partially introducing AI in monitoring cyberattacks, and strove to improve not only our 24-hour, 365-day-a-year monitoring and response but also implement our PDCA cycle. Moving forward, we will engage in even stricter maintenance and management of systems for the implementation, operation, and management of information security.

Protecting personal information

SECOM works to achieve a society in which anyone can live with safety and peace of mind, whenever and wherever. In line with this philosophy, we are also committed to initiatives to provide customers peace of mind about their valuable personal information.

With respect to the handling of the personal information that SECOM holds, we comply with laws, government guidelines, and other related standards. Furthermore, we prohibit the use of personal information beyond the scope required to achieve the original purpose and have also established measures to ensure handling within this scope. We also implement the necessary and appropriate security measures to prevent information leakage and strictly manage information by conducting employee training and awareness-raising activities.

Every year, all employees are required to participate in e-learning programs and confirmation tests to ensure adherence to basic items and rules. The internal audit departments conduct periodic inspection for items such as handling of personal information, data management, workplace organization, and access control at each office.

Certification for the Privacy Mark

SECOM has received the Privacy Mark certification from JIPDEC (Japan Information Processing and Development Center). The Privacy Mark certification is granted to business operators that take appropriate measures to protect personal information by using management systems in compliance with JIS Q 15001*.

JIS Q 15001: Personal information protection management system requirements

Business Continuity Plans (BCPs)

The SECOM Group provides services for seamless protection of safety and peace of mind 24 hours a day, 365 days a year. With regard to our BCPs, we define responsibilities and rules and establish facilities and systems in order to continue operations in the event of wide-area and large-scale disasters including earthquakes and typhoons, large-scale blackouts, and pandemics.

In the event of disasters, SECOM immediately ascertains the safety of our employees and their families, as well as the extent of damages to each office. The head office disaster response headquarters cooperates with the regional disaster response headquarters in the affected area to take measures for recovery and business continuity. In order to minimize the interruption of services provided to customers, SECOM organizes foundations to continue business operations such as enhancing our emergency power facilities, multiplexing our means of communication, and deploying emergency supplies. These measures are specified in the “Manual for Response to Wide-area and Large-scale Disasters,” in which SECOM defines detailed methods for response as an organization within the first 24 hours after the occurrence of a disaster, securing a system for fast recovery of operations.

In order to strengthen our disaster response capability, we reviewed the emergency supplies deployed in four locations nationwide: Miyagi, Kanagawa, Chiba, and Mie prefectures. As a result, we quickly delivered useful relief supplies to disaster-stricken areas while utilizing our network of offices spread throughout Japan in the 2018 Hokkaido Eastern Iburi Earthquake, the torrential rains in July 2018, and Typhoon Faxai in 2019.

In recent years, Japan has frequently been struck by disasters such as earthquakes and heavy rain. Amid these conditions, helicopters are useful as one part of BCP. SECOM utilized two helicopters on many occasions including the Great Hanshin–Awaji Earthquake, the Great East Japan Earthquake, and the Kumamoto Earthquake. Helicopters that quickly fly personnel and relief supplies over a wide disaster area are becoming increasingly essential for SECOM’s business continuity. Recently, we have further strengthened our capacity to respond to disasters by replacing a helicopter with a newer model and increasing the number of our helicopter personnel.

Risk management for employees stationed overseas

Countermeasures for situations like terrorism or disasters must cover a wide range spanning from preventive measures to avoid incidents and accidents to response measures in the actual incident.

As risk management for employees stationed overseas, SECOM takes measures such as (1) gathering information on disasters and public security conditions, (2) creating crisis management manuals, (3) holding safety education and training for employees and their families, and (4) strengthening security systems for company facilities and residences. In Japan, we also establish support systems, including gathering, analyzing, and providing information on terrorism and disasters 24 hours a day.

Protecting intellectual property

Active participation by all employees is necessary to achieve SECOM’s fundamental philosophy of conducting business that is beneficial to society, as stated in the Constitutions of SECOM Group in Business and Management. Furthermore, inventions that come from “unique and revolutionary technology and ideas” have extremely high value for the businesses of the SECOM Group, and the utilization of these inventions as intellectual property is essential for SECOM to provide unique business and services that far surpass those of other companies.

Therefore, to encourage employees to create inventions and to promote appropriate management and utilization of intellectual property by the company, we have established rules for handling inventions. Also, we set up the Intellectual Property Page on our intranet for employees to refer to these rules and procedures for submitting inventions at any time.

SECOM also respects the intellectual property rights of other parties. We obtain the intellectual property information of other companies in advance and confirm that the products and services provided by SECOM do not infringe on the intellectual property rights of other parties.

As for brand management, SECOM handles the acquisition and appropriate use of trademarks globally, monitoring and eliminating their unauthorized use (in counterfeit goods) to improve the SECOM brand value.

Inventions at SECOM are mainly made by the Intelligent Systems Laboratory, which conducts research on fundamental technology at a high level, and the R&D Center, which develops new security systems and products utilizing the fundamental technology of the Intelligent Systems Laboratory. The revolutionary inventions created by these sections enable the development and supply of highly reliable systems and services in high quality, providing superior performance unique to SECOM.

In July of each year, the SECOM Invention Prize is awarded to employees who created advanced, innovative, and valuable inventions from among the patents that were registered in the previous fiscal year.