Group-Wide Risk Management System
Based on effective and efficient risk management systems, the Kajima Group strives to identify risks in its businesses and operations and to prevent them from materializing. The Group also works to keep improving corporate value by winning the trust of stockholders, customers, and others with timely information disclosure.
The Management Committee and special-purpose committees ascertain business risks and deliberate on countermeasures, including for new businesses and real estate development investments.
With respect to operational risks such as those related to legal or regulatory compliance violations, a department is designated to be responsible for each risk, and the Compliance and Risk Management Committee (chaired by the President) ascertains and evaluates the operational status of the risk management system and deliberates on the risk management policy and how to address major risks, among other matters. Results are reported to the Board of Directors, which supervises the operational status of the risk management system.
The Risk Management Liaison Committee, which is comprised of the persons in charge at the Head Office department responsible for risk management, meets regularly to report and share risks that have materialized in the Group, revisions to laws and regulations, social trends, circumstances at other companies, and risk communication methodologies, and it reports important information to the Compliance and Risk Management Committee as appropriate.
To improve the effectiveness of risk management activities, Kajima analyzes risks based on the frequency of their materialization and the impact, selects operational risk aspects of corporate activities requiring priority management as “priority risk management issues” to be applied across the Group, and implements risk management from the perspective of prevention at the beginning of each fiscal year.
Risk Management Framework
Risk Management Activity Cycle
The Kajima Group handles a wide range of information, including that relating to buildings, customers, management, technology and intellectual property. The Group adheres to an information security policy and conducts thorough risk management in order to protect such information, including from external attacks or leakage due to negligence.
Employees throughout the Group take an annual online course on information security, which raises awareness to prevent incident recurrence. Course education and training topics include risks associated with the use of cloud services and threats such as targeted email attacks.
At its offices, Kajima conducts regular inspections and audits to evaluate and improve physical, personal and technical measures. For partner companies, Kajima also distributes standard check sheets, awareness posters, and educational materials, such as video provided by the Japan Federation of Construction Contractors, to improve the level of information security at its partners.
Kajima is addressing today’s increasingly diverse and sophisticated cybersecurity threats in accordance with the Cybersecurity Management Guidelines from Japan’s Ministry of Economy, Trade and Industry. The KAJIMA Security Incident Response Team (K-SIRT) is a member of the Nippon CSIRT Association and stays on top of the latest trends in security and cyber-attacks, cooperating on a regular basis with external organizations and CSIRT teams at other companies. Kajima is also strengthening its protection and detection measures, as well as its systems for monitoring unauthorized access, computer viruses and other events, and it quickly addresses all potential threats to minimize potential damage. We also conduct cyber-attack simulation drills to enhance Kajima’s organizational response and business continuity capabilities.
Information Security Management Framework
Multi-Hazard Business Continuity Plan (BCP)
When a major earthquake, wind or flood damage, or other natural disaster occurs, the construction industry must quickly mobilize to ensure business continuity and the rapid recovery of vital social infrastructure, including the reopening of roads and the repair of bridges.
As a member of the Japan Federation of Construction Contractors that receives requests from the Government of Japan, Kajima operates and updates a BCP and conducts regular drills to prepare for contingencies. The Company has earned the Business Continuity and Disaster Recovery Certification for Construction Companies*1 and the Resilience Certification*2.
1. A program offered by the Kanto Regional Development Bureau under the Ministry of Land, Infrastructure, Transport and Tourism to evaluate and certify the basic business continuity capabilities of construction companies.
2. With the aim of enhancing disaster preparedness in Japan, this program provides certification to entities that are actively engaged in business continuity efforts. They are certified as organizations that contribute to national resilience through their preparations for large-scale natural disasters.
Kajima is enhancing its cooperation with local governments and public infrastructure operators via disaster preparedness agreements to support recovery after a disaster, as well as preparing Group-wide frameworks capable of rapidly responding to foreseeable disasters, such as wind and flood damage. Furthermore, Kajima continues to enhance its supply chain and business continuity capabilities by formulating and providing BCP manuals to partner companies.
Action for Overseas Risks
Kajima has established an International Emergency Response Committee (Chairperson: President) to ensure the safety of employees and their families when emergencies arise outside of Japan. In the event of a terrorist attack, large-scale natural disaster, conflict or other emergency outside of Japan, Kajima focuses first on gathering information to verify the safety of employees and their families and next on providing aid to the affected area.
Kajima is raising awareness of the manual on preparedness measures and emergency response among employees on assignment outside of Japan and is providing information and alerts on security, epidemics and other concerns to employees traveling internationally.