In order to respond promptly and properly to the various risks in business management, Seiko Holdings Corporation has established risk management rules that set the basic policy for risks facing the Group. Also, to perform centralized management of risks that could greatly influence the Group's business, we are engaged in the development and strengthening of the risk management system for the entire Group, led by the Risk Management Committee, with the president and CEO of Seiko Holdings Corporation as chairperson. Furthermore, since FY2017 the Group Risk Management Committee, made up of the representative directors of each group company, has been established to discuss significant risks that demand priority action for the fiscal year, and the necessary response plans. This system allows the representative directors of each group company to verify and share information on the risks facing the whole group.
Additionally, the legal affairs departments are strengthening collaborations between Seiko Holdings Corporation and Seiko Instruments Inc., promoting the creation of systems for legal risk management from an all-inclusive perspective, and collaborating on individual themes.
In FY2017, we undertook measures to ensure compliance with the EU General Data Protection Regulations (2018) throughout the whole group.
Through the use of in-house lawyers we have also taken measures to improve the quality of legal response, such as accelerating risk response and expanding preanalysis of legal risks.
Accommodation of the Revised Personal Information Protection Law
In regard to Seiko Holdings Corporation's handling of personal information, based on our Personal Information Protection Policy we have established our own Personal Information Protection Rules and Personal Information Protection Guidelines, and each year we carry out verification of the understanding and compliance of our employees and executives in relation to these systems. In May 2017, in accordance with the enactment of the Revised Personal Information Protection Law, we revised our own Personal Information Protection Rules and Personal Information Protection Guidelines, and conducted explanatory meetings to encourage understanding among responsible officers within each department.
*Link to Seiko's Personal Information Protection Policy.
Response to Large-scale Disasters
In regard to business continuity planning, Seiko Holdings Corporation has measures in place for responding to large-scale disasters. To ensure continuation of head office functions in the event of a disaster, the head office has earthquake-resistance that exceeds the new earthquake resistance standards by a factor of approximately 1.25, has emergency power supply capable of providing 72 hours of power, and engages in ongoing disaster response training each year with the Emergency Operations Center, to practice responses to large-scale disasters under various imagined circumstances. In March 2018, based on case studies, we conducted combined training with all group companies for response to an imagined level-7 (maximum intensity) earthquake with the epicenter in Tokyo Bay.
Considering that the threat of cyberattacks such as targeted e-mail attacks and malware increases daily due to the changes in ICT usage environment, Seiko Holdings Corporation takes measures to ensure proper regulation of each group company, implementing continuous improvement of countermeasures and increasing awareness regarding information security among employees.
Also, to provide a secure and stable usage environment for our information systems, we aggregate data in a data center with information security systems and disaster countermeasures in place, and through virtualization we ensure efficient server operation and improvement of redundancy.