Corporate Governance / Risk Management
Along with building a strong framework for business execution, Obayashi believes that transparency and sound management are critical to maintaining the trust of society. We always work to enhance corporate governance with that in mind.
We are working to enhance our corporate governance with a view to achieving sustainable growth and increasing our corporate value over the medium to long term. Specific initiatives include transparent, fair, rapid, and resolute decision-making based on the principles of Japan's Corporate Governance Code set out by the Tokyo Stock Exchange.
Over the years, We have striven to earn and maintain the trust of our customers and the communities it serves by upholding its corporate philosophy. For this reason, we not only observe complete compliance with laws and regulations, but also initiate activities to inspire employees to raise their sensitivity to ethical issues and perform their corporate duties in good faith. With this series of measures, awareness of corporate ethics is taking root. The Group will continue to act on each initiative to ensure thorough implementation of compliance and create a sound corporate culture.
Establishment of Information Security Measures
Obayashi has established an Information Security Policy made up of the basic policy on information security and other policies as well as corresponding rules and guidelines. In addition, in accordance with the Obayashi Group Information Security Guidelines, we are working to strengthen information security management at the Group level.
Basic Policy on Information Asset Security (excerpt)
- 1 We will establish information security systems and implement risk mitigation measures.
- 2 We will regularly check security systems and constantly maintain appropriate management systems.
- 3 We will continually conduct training on information security.
- 4 Users and administrators will observe information security- related standards and work to ensure the effective functioning of security systems.
- 5 Users and administrators will observe laws and regulations, among other relevant stipulations, related to information management.
- 6 In the event of an emergency, such as an attack on information assets or the loss of information assets, we will promptly take appropriate measures and minimize damage to the Company.
Initiatives Related to Personal Information Leaks
We promote the installation of file encryption software as a measure for maintaining confidentiality and preventing leaks of personal information files, and each and every employee works to ensure personal information is acquired, used and managed appropriately.
- 1 Comply with laws and regulations, and social mores
- 2 Develop, implement, and continuously improve of privacy compliance program
- 3 Appropriate acquisition, use, and provision of personal information
- 4 Ensure the accuracy and security of personal information
- 5 Respect for rights of the individual
Training on Information Security and Privacy
We conduct training and education programs to reaffirm rules related to information security and privacy and ensure they are rigorously observed.
Business Continuity Plan(BCP)
When infrastructure such as bridges and dams, or facilities owned by our customers is damaged in a disaster, significant social and economic losses are incurred. We are prepared to respond to a range of natural disasters that may affect its customers, including earthquakes or torrential rain. In the event that a customer is affected by a disaster, we maintain a support system that enables our customers' operations to resume in a quick and timely manner.
The Great East Japan Earthquake of March 2011 was compounded by a series of crises including aftershocks, the tsunami, and electricity shortages. Based on these experiences, in November 2011, we revised our business continuity plan (BCP; devised in 2006) to include a basic policy for earthquake preparedness and code for individual behavior.
We believe it is the responsibility of construction companies to ensure the timely restoration of social infrastructure at times of disaster. In addition to setting recovery time objectives (RTOs) for various business processes, our BCP covers the establishment of disaster recovery support centers, emergency contact networks and emergency communication procedures, as well as coordination with suppliers.
Supporting customer's BCP in case of a disaster
Our business continuity management service includes a full range of solutions, from risk assessment to concrete proposals for mitigating risk from disasters. The service estimates the time and cost of restoration work in case of a disaster, and proposes risk mitigation measures that suit each customer's particular situation.