Risk Management

We have established the Risk Management Committee to identify the Group’s overall corporate business risks, define a risk map and the divisions in charge, address important risks, and manage them across the organization.

Risk Management

The identification and assessment of risks and opportunities related to sustainability, together with other risks, are deliberated on within the Group by the Risk Management Committee, a part of the ESG Promotion Office. The results of the deliberations are then reported to the ESG Promotion Committee, the Management Council, and the Board of Directors. The risks and opportunities identified and assessed are regularly monitored by the Risk Management Committee, which oversees the initiatives of all divisions involved. The Committee also conducts comprehensive reviews and evaluations of risks.

Acquisition of ISO 27001 (Information Security) Certification

The Group has implemented an information security management system (ISMS) to prevent leaks of information, including personal and confidential information held by the Company, and has obtained ISO 27001* certification.

We will continue to steadily practice the PDCA cycle so that the operation of information security measures and audits does not become a formality, and to promote further reinforcement of information security measures.

*ISO 27001: An internationally standardized framework for information security management. In addition to specific technological security measures, it stipulates that businesses must analyze their own risks, decide the required security level, develop a plan, assign resources, and administer the framework. It also includes a system for evaluating conformance by a third party.

Business Continuity Plan (BCP) Response

■Response to Unforeseen Events

Following the Great East Japan Earthquake, a BCP working group was established in April 2012 to review the Company’s internal BCP, based on the lessons learned from the earthquake and on the assumption that an earthquake would directly hit the Tokyo metropolitan area.

①Enhancement of systems to protect employees

  • Clarification of communication methods in the event that the employee safety confirmation system is not available
  • Clarification of standards of conduct for employees outside of working hours
  • Creation of a portable version of the Employee Disaster Action Manual

②Enhancement of communication channels in the event of a disaster

  • Establishment of Internet-based disaster response mailbox system
  • Deployment of priority mobile phones for use during disasters
  • Review of satellite phone deployment

③Enhancement of Disaster Response Headquarters

  • Establishment of an alternative Disaster Response Headquarters in the Tokyo metropolitan area, on the assumption that an earthquake would directly hit the Tokyo metropolitan area

■Implementation of Disaster Drills

In November 2025, the Hibiya Engineering Group carried out a disaster drill. This time, instead of the traditional method of answering pre-assigned questions, participants answered questions on the spot about various hypothetical disasters and the initial responses they would take from their own position, and the answers were checked by everyone.

We also conducted inventory checks of disaster prevention equipment and reported on updates to hazard maps at all locations. In addition, we carried out an e-learning program to improve knowledge related to our BCP.