Corporate Governance System
Basic policy
The IWATSU Group has set a basic policy on corporate governance of ensuring transparency and incorporating a diverse range of opinions and wide-ranging knowledge, in order to enhance corporate value, achieve unending development, and ensure co-prosperity with stakeholders.
Governance System
As a company with an audit and supervisory committee, IWATSU ELECTRIC has established a General Meeting of Shareholders, Board of Directors, Audit & Supervisory Committee, and Financial Auditor, as well as the Senior Executives Meeting, Risk Management Committee, and Remuneration and Nomination Advisory Committee. The Company has also introduced an executive officer system, with the intention of separating executive and supervisory roles.
In relation to decision-making and the execution of business operations, the Board of Directors engages in correct and efficient decision-making and supervision/monitoring, by electing Outside Directors to incorporate a third-party standpoint, and utilizing the executive officer system. The Company has also strengthened control functions, through coordination between the Audit & Supervisory Committee, whose members include Outside Audit & Supervisory Committee Members, and the Financial Auditor, to ensure an appropriate monitoring system. The Company has adopted the current system because these measures ensure that management monitoring functions are sufficiently objective and neutral.
Internal Controls and Risk Management
Basic Approach
At IWATSU ELECTRIC, we believe that internal controls contribute to enhancing the efficiency and effectiveness of management and protecting and increasing assets, by ensuring compliance with laws, regulations, etc., related to our business activities and an awareness of ideals and ethics in our actions. As a result, we believe that internal controls also serve as the foundation for relationships of trust with investors and other stakeholders.
Based on this belief, the Company has established processes for decision-making and business execution that maintain an awareness of promoting compliance and risk management. The Board of Directors also regularly confirms the effectiveness of these processes and the operational status of our internal control systems. Going forward, we will continue strengthening our initiatives on a company-wide and ongoing basis.
Operational Status of the Internal Control System in Relation to Finance
In fiscal 2021, we performed an assessment using remote technologies alongside other methods, taking into consideration the status of the spread of COVID-19 in the market. As a result, there were no matters classed as “material deficiencies that require disclosure.” The final results of the assessment were disclosed in the “Report on Internal Controls” in June 2022.
Overview of Activities
■ Promotion of compliance
IWATSU ELECTRIC recognizes that it is only possible for a company to maintain ceaseless development by appropriately increasing profit amid fair competition. Based on this understanding, we prioritize compliance with laws and regulations, standards, and rules, as well as consistently considering our social and moral responsibility in our actions, as “compliance.”
■ Development of internal reporting (whistleblowing) system
Ensuring compliance is a precondition for our continuation as a company. Accordingly, it is essential that we have a system for timely communication to senior management and prompt rectification in the event of any possibility of a violation of laws, regulations, etc. The IWATSU Group works to spread awareness of and operate our internal reporting (whistleblowing) system, which we have established in the “IWATSU Group Internal Reporting Management and Operating Regulations.”
■ Operation of Risk Management Committee
IWATSU ELECTRIC considers risk to be any possibility of obstruction to the achievement of our objectives or the occurrence of material loss, including natural disasters, accidents, changes in the external environment, and fraudulent acts. We engage in risk management to ensure that such risks are not overlooked.
Specifically, the Risk Management Committee plays a central role in confirming the status of risk management, identifying points for improvement, and promoting countermeasures, based on monthly meetings.
This committee is chaired by the officer responsible for risk management, and its members consist of the President & Chief Executive Officer, full-time Directors, full-time Audit & Supervisory Committee Members, and Executive Officers.
Fiscal 2021
Main items discussed by the Risk Management Committee
- Confirmation of market status
- Matters related to internal controls (control audit plans, internal control audit progress status, and internal control reports)
- Reports on the results of fire and disaster prevention drills
- Reports on the results of BCP drills
- Reports on the results of targeted attack email drills
- Internal information infrastructure management and measures to address obstacles
- Appropriate management of industrial waste
- Strengthening of risk assessment for chemical substances
Information Security Management
Basic Approach
IWATSU ELECTRIC contributes to the progress and development of society as a solutions vendor offering hardware and software, and providing operational support for systems, particularly in the IT Solution Business. In order to continue contributing to society, we believe it is important that we gain trust.
Based on this belief, we have formulated an “Information Security Policy,” and established an information security management system (ISMS). We will nurture a culture of prioritizing information security through the introduction and operation, monitoring, maintenance, and improvement of the ISMS.
Group companies with information security management system certification
Company name | Certification body / number | Department to which certification applies |
---|---|---|
IWATSU ELECTRIC CO., LTD. | JIC Quality Assurance Ltd. / I296 | Cloud Solutions Company, Information Systems Dept. |
IWATSU SYSTEM & SOFTWARE CO., LTD. | JIC Quality Assurance Ltd. / I286 | |
ISMS Promotion System
The ISMS Promotion Committee takes the lead in operating IWATSU ELECTRIC’s information security management system.
Every year, the ISMS Secretariat of this committee coordinates with the Personal Information Protection Secretariat of IWATSU ELECTRIC to perform internal audits and management reviews of the personal information protection management system (PMS) and the ISMS, as part of measures to address information security.
Information security management system promotion organization chart
■ System for management through the Computer Security Incident Response Team
The IWATSU Group has established the Computer Security Incident Response Team (CSIRT).
In order to strengthen information security management across the company as a whole, we receive analyses of security information from external institutions, work to raise awareness internally, and share information about security incidents.
■ Social media management systems
IWATSU ELECTRIC has developed “Guidelines for the Use of Social Media” as basic etiquette that applies when using social media in business operations, and we use these guidelines as a set of rules for operating social media.
Overview of Activities (IWATSU ELECTRIC Departments Subject to the ISMS)
■ Internal audits
IWATSU ELECTRIC performs internal ISMS audits once a year. In addition to checking the status of achievement of information security objectives and conformity with related laws and regulations, these audits also check matters such as whether or not the ISMS is being operated in accordance with the ISMS Manual and management regulations.
[Implementation time] July to August 2021*
[Results] No major non-conforming items
■ External inspections
Once a year, IWATSU ELECTRIC receives an external inspection of the conformity and effectiveness of the ISMS from a certification body. We correct or rectify any non-conforming items within a predetermined period. Each department considers ways to respond to opportunities for improvement, and they are confirmed in internal audits.
[Implementation time] December 2021
[Certification body] JIC Quality Assurance Ltd.
[Results] Non-conforming items: 0; opportunities for improvement: 6
■ Management review
Once a year, the ISMS Secretariat and the Personal Information Protection Secretariat of IWATSU ELECTRIC coordinate to perform management reviews of IWATSU ELECTRIC’s PMS and ISMS. In fiscal 2021, we conducted a management review in November, and senior management received reports on matters such as the operational status of these systems, including the results of internal audits, the status of compliance with laws and regulations, and points for improvement.
■ External communication
We endeavor to appropriately respond to inquiries, requests, etc., from stakeholders through internal communication with relevant departments. In fiscal 2021, we responded to five inquiries.
■ Checks of the status of compliance with laws, regulations, etc.
We perform regular checks for amendments to laws and regulations, reflect the results in our ISMS activities, and make revisions as necessary, in order to prevent any violations of our legal, regulatory, or contractual obligations or violations of requirements from a security perspective.
■ Security education and drills
In order to effectively operate our ISMS, we plan and execute education and awareness-raising activities for employees. We also have a system in place that enables teleworking employees to participate through e-learning.
Status of implementation in fiscal 2021
Name of education or drill | Number of participants (people) |
---|---|
General ISMS education (increase awareness of security) | 61 |
Security education (cybersecurity countermeasures) | • 141 (July 2021) • 835 (March 2022) |
Promotion committee and internal auditor education | 6 |
Education for persons responsible for information systems | 6 |
Targeted attack email drills* | • 1,135 (May 2021) • 1,120 (December 2021) |
ISMS business continuity and emergency drills | 60 |
Personal Information Protection Management
Basic Approach
IWATSU ELECTRIC recognizes that the protection of personal information is an important fundamental aspect of our business activities, and at the same time, it is also an important social responsibility.
Based on this understanding, in addition to complying with related laws and regulations, we have also established our “Personal Information Protection Policy,” and established a personal information protection management system (PMS).
PMS Promotion System
The Secretariat established under the Personal Information Protection Management Committee takes the lead in operating IWATSU ELECTRIC’s PMS. This team plans and implements revisions to regulations concerning the protection of personal information, directions concerning operational inspections for departments, internal audits, external inspections, education for the Company as a whole and responsible employees, etc.
Personal information protection management system promotion organization chart
■ PrivacyMark implementation
Four companies in the IWATSU Group have acquired and implement the PrivacyMark. IWATSU ELECTRIC and three other companies take steps to share information and coordinate activities related to personal information.
Companies in the IWATSU Group that have not acquired the PrivacyMark engage in business activities in accordance with the Act on the Protection of Personal Information and other related laws and regulations. These companies also receive information on activities from companies within the Group that have acquired the PrivacyMark, as part of efforts to enhance the level of our competency in this area across the IWATSU Group as a whole.
Status of PrivacyMark acquisition
Company name | Certification body | Registration number |
---|---|---|
IWATSU ELECTRIC CO., LTD. | Japan Data Communications Association | 21000556 |
IWATSU SYSTEM & SOFTWARE CO., LTD. | Japan Information Technology Services Industry Association | 11820489 |
IWATSU NETWORK SOLUTION CO., LTD. | Japan Data Communications Association | 21000561 |
IWATSU Business Services Co., Ltd. | Japan Data Communications Association | 21004785 |
Overview of Activities
■ Internal audits
IWATSU ELECTRIC performs internal PMS audits once a year.*1 In addition to checking the status of the protection of personal information and conformity with related laws and regulations, these audits also check matters such as the status of compliance and implementation of PMS-related regulations.
[Implementation time] July to August 2021*
[Results] No major non-conforming items
■ External inspections
Once every two years, IWATSU ELECTRIC receives a renewal inspection of the conformity and effectiveness of our PMS from a certification body. We correct or rectify any non-conforming items within a predetermined period. Each department considers ways to respond to opportunities for improvement, and they are confirmed in internal audits. We did not receive an external inspection in fiscal 2021.
■ Management review
Once a year, the Personal Information Protection Secretariat and the ISMS Secretariat of IWATSU ELECTRIC coordinate to perform management reviews of the PMS and ISMS. In fiscal 2021, we conducted a management review in November, and senior management received reports on matters such as the operational status of these systems, including the results of internal audits, the status of compliance with laws and regulations, and points for improvement.
■ Education
Once every six months, IWATSU ELECTRIC provides regular education concerning all aspects of the PMS for all employees, including senior management. We also promote the appropriate protection of personal information through monthly company-wide education.
We also take steps to increase awareness of the protection of personal information among new employees, mid-career hires, and persons seconded from business partners, as part of initial training and acceptance education after joining the IWATSU Group.
Status of implementation in fiscal 2021
Classification | Name of education | Target |
---|---|---|
Regular | First company-wide PMS education in 1H | IWATSU ELECTRIC |
Regular | Second company-wide PMS education in 2H | IWATSU ELECTRIC |
Alternate months | Company-wide PMS education in April | All Group members |
Alternate months | Company-wide PMS education in August | Group companies only* |
Alternate months | Company-wide PMS education in October | All Group members |
Alternate months | Company-wide PMS education in February | Group companies only* |
* The content overlaps with IWATSU ELECTRIC’s regular education, so this training is only for “Group companies.”
■ Incident management
IWATSU ELECTRIC manages any incidents that occur, surveys the possibility of personal information leaks, and works to prevent recurrence. Between fiscal 2018 and fiscal 2021, there were losses of digital devices, etc., but the devices, etc., were quickly discovered in all cases, and there were no leaks of information.
Status of occurrence of incidents
Fiscal year | Details of incidents (number of incidents) |
---|---|
2021 | - |
2020 | Loss of smartphone (two incidents), loss of business card holder (one incident), loss of laptop computer (one incident) |
2019 | Loss of smartphone (three incidents), loss of employee ID and insurance card (one incident) |
2018 | Loss of smartphone (two incidents), loss of business card holder (one incident) |
■ Response to feedback from external parties
The IWATSU Group responds sincerely and appropriately to feedback from stakeholders and other external parties.
Status of responses
Fiscal year | Details of response (number of cases) |
---|---|
2021 | Response to feedback related to the sending of emails (one case) |
2020 | - |
2019 | - |
2018 | - |
Business Continuity Planning (BCP)
Basic Approach
IWATSU ELECTRIC believes it is important that we maintain a stable supply of our products and services, by endeavoring to continue business operations whenever possible, even in the event of crises that threaten the lifestyles of citizens and our business activities, and quickly restoring our business operations if they are suspended.
Based on this belief, we strive to facilitate business continuity, by creating systems for the Company to respond promptly, accurately, and in a cross-organizational manner to crises and risks. We have also developed internal regulations related to business continuity.
Examples of expected crises and risks
- Natural disasters
- Major infectious diseases
- Large-scale man-made disasters
- Danger to employees’ lives
- Major damage to customers and related institutions
- Harm by antisocial forces
- Hostile purchases of the Company’s shares
- External leaks of important or personal information
- Major violations of laws and regulations
- Major occupational injuries
Crisis Taskforce System
When a crisis occurs or may occur, the President & Chief Executive Officer shall form a Crisis Taskforce, as necessary, and focus on ensuring business continuity.
Role of the Crisis Taskforce
- To collect information on the relevant crisis.
- To make decisions concerning policies for responding to the crisis, etc.
- To convene stakeholders and hold meetings to discuss countermeasures, as necessary.
- To provide information to public administration and trading partners.
- To take other necessary actions to respond to the crisis.
Structure of the Crisis Taskforce
 | Role | Member |
---|---|---|
General Manager | Control of the taskforce and direction/supervision of taskforce members | President & Chief Executive Officer |
Deputy General Manager | Assistant and deputy for the General Manager | All officers with special titles |
General Manager of the Secretariat | Control of administrative matters of the taskforce | Officer responsible for the Management Division |
Members of the taskforce | Collection of information, implementation of countermeasures, and spreading of knowledge among stakeholders | Officers and employees of the Company or Group companies nominated by the General Manager |
Details of Activities
In fiscal 2021, we performed emergency response drills based on the scenario of an earthquake directly underneath Tokyo.
[Implementation time] November 2021
[Subject] All IWATSU Group companies
[Scenario] An earthquake with a seismic intensity of just over 6, when information systems within the Group have not recovered