It is highly important to manage the risks associated with the globalization of business in order to fulfill our social responsibilities towards our stakeholders. Daifuku strives to build a corporate culture that is resilient in the face of emergencies by sharing corporate risks within its group companies worldwide, in order to address all business risk responses to minimize the impact on corporate management, while also being in accordance with its management policies and corporate code of conduct.
Initiative Materiality and relationship to SDGs
- Ensure compliance and prevent corruption
- Promote and strengthen information security measures
- Continuous expansion of business continuity management
CSR Action Plan KPIs and targets for 2020
- Operation and maintenance of the compliance system: Ascertainment of the compliance situation and examination of operations
- Types of training and educational programs regarding compliance: Over 15 types
- Setup and implementation of awareness month: Every year in October
- Revision of internal reporting system: Operation of the system
- Participation rate in the information security training: Participation rate 100%
- Number of training sessions conducted against targeted cyber emails attack: Two times per year
- Risk assessment implementation rate: 100%
- Number of training sessions held for confirming the operational situation of suppliers in an emergency: Two times per year
The Human Resources Department, which is under the control of the CRO (Chief Risk Officer), develops and promotes risk management measures across the Daifuku Group. We organize the “Risk Management Promotion Framework” that is comprised of the heads of each division based on the “Risk Management Rules”, to conduct risk assessments across the Group including overseas affiliates once a year. According to the level of criticality, related divisions take measures to mitigate and minimize risks.
To mitigate natural disaster risks (earthquakes, wind & floods, lightning, fire, new influenza strains), we have developed a Business Continuity Plan (BCP). The Compliance Committee addresses law violation risks with the potential for high impact, and the Information Security Committee focuses on risks related to information security.
Compliance system KPI
Daifuku set up a Compliance Committee chaired by our president, and have established a Code of Conduct, while also carrying out activities to ensure compliance, fairness and morality.
As a part of these activities, compliance training is conducted to raise the compliance awareness of each employee. Also, as a response to strengthened regulations around the world, the Group established the “Rules for Complying with the Competition Law” and the “Rules for the Prevention of Bribery” that detail rules, basic regulations and specific countermeasures for compliance with the competition law and prevention of bribery.
Compliance education and training KPI
The president sends messages to all employees to raise their awareness regarding the importance of compliance.
In addition, regarding the competition law and bribery prevention compliance, which have become more important on a global level in recent years, we promote education and enhancement through our in-house newsletter and training programs, as well as group training regularly held at all of our branches worldwide.
As for training programs for position-specific employees such as new employees and newly appointed managers, we provide lectures on the respect of human rights and professional ethics, in addition to compliance with various laws including the subcontractors act and security export control policies, to entrench the awareness of compliance. In fiscal 2017, we held 13 types of education and training events (target was 12 or more).
- Position-specific training
- Grobal staff training
- Training for executives
- Seminars on compliance with competition laws and the prevention of bribery
Compliance Enhancement Month KPI
We set every October as "Compliance Enhancement Month" and conduct activities to raise the compliance awareness of our employees. Some examples are an interview between a compliance expert and our president in our in-house newsletter, and a wide range of compliance related talks for staff of all levels across the Company.
Providing legal information using the in-house network
We have established a "Daifuku Legal Center" database as a portal site that accumulates various legal information, and is easily accessible by employees. Staff at the legal department post daily on the legal affairs related blog on the in-house SNS, to provide employees with timely access to information and ability to easily exchange that within the Company.
Revision of internal reporting system KPI
To enhance the effectiveness of our internal reporting, we have reviewed our system and have formulated a new standard in April 2018. A message from the top management to the entire group reminded employees that we have established an environment where staff members can report any issues in full confidence. The new framework provides for two separate routes, one being a company-internal contact point and the other an independent third-party contact point. Anonymous reporting is possible, and staff members worldwide can use their own language for reporting.
UK tax strategy
Through material handling, the Daifuku Group aims for further growth by balancing business activities and social soundness. In addition to contributing to the development of the country and the region by implementing a fair tax payment, we disclose our tax strategy in the UK on the "Tax Strategy" page of our UK site.
Compliance with Modern Slavery Act
In response to the Modern Slavery Act 2015 of the UK, the Daifuku Group has published an “Anti Slavery Statement 2018” on the website of our UK subsidiary Daifuku Logan Ltd.
Information Security Initiatives
Information Security Committee
As threats to information security are becoming increasingly advanced, ingenious and pernicious, it is vital to tackle them through continuous efforts and actions.
We established the Information Security Committee more than 10 years ago to maintain and improve information security across the Daifuku Group.
Considering the globalization of our business and the increasing role that the IoT (Internet of Things) plays for our products and services, it is more important than ever to promote the information security of our products and services. Through evaluating and countering IT risk factors embedded both inside and outside the company, we are promoting information security initiatives that are appropriate for a global enterprise together with our business operations.
- Reinforce regulations and develop policies with the aim of raising the standard of the Daifuku Group’s information security as a whole
- Coordinate with business and investigate information security policies for products and services
- Quantify in a way that is aligned with the KPI settings and establish the objective evaluation of results
Framework for Initiatives
Launch of CSIRT
The mission of the CSIRT (Computer Security Incident Response Team) is to deal with information leaks stemming for example from cyber attacks and respond to any other computer security incidents. The CSIRT is centered on the Information Security Committee, enabling Daifuku to swiftly identify the possible scope of an accident and damage, put first-response measures in place, and investigate causes and means to prevent reoccurrence.
Policies for information security countermeasures
Threats to information security are on the rise and have become increasingly malicious. We therefore prepare for possible attacks through up-to-date and multilevel defense systems in cooperation with specialist security companies.
In cases of information theft which use human psychological techniques or deceitful approaches, prevention is difficult if only relying on infrastructure countermeasures. We will enhance our employees’ information security knowledge and understanding through initiatives by the Information Security Committee, internal training programs and simulated cyber terrorism training sessions.
Participation rate in information security training KPI
The goal for fiscal 2017 was 70%, and the actual rate was 77.7%. This year we implemented training for the first time on a global basis. As threats to information security are becoming increasingly sophisticated and malicious, we will tackle them through continuous efforts and actions.
Number of training sessions conducted for targeted cyber attack emails KPI
The goal for fiscal 2017 was to hold one session, and the actual number of sessions was one. In the first global training program, we strengthened efforts by the Daifuku Group to defend information assets such as personal information and confidential information from cyber attacks.
Business Continuity Plan (BCP) Initiatives
We have established a BCP (Business Continuity Plan) for emergency situations. It places highest priority on human life, while also aiming to minimize damages to business assets and make the continuation and early recovery of business possible. Furthermore, we are expanding education, training and disaster prevention equipment related to disaster risk management, with the aim of heightening the effectiveness of the BCP. For our overseas group companies, in addition to our existing questionnaire surveys, we have implemented hearing surveys at each location to promote the ascertainment and sharing of the risks that can occur locally. Moving forward, we will further strengthen the BCP activities of the whole group and construct a corporate culture that is resilient in the face of emergencies.
BCP site basic survey (Daifuku affiliates and office)
By periodically visiting all Daifuku Group sites worldwide, we ascertain the preparations needed for natural disaster risks, as well as exchanging and sharing information about risk related to compliance, information security and labor and health management.
BCP training and education
In order to heighten the risk awareness and understanding of BCP for each employee, we invite an external instructor every year to hold a BCP Seminar targeted at every staff member. In addition, for our position-specific training that includes new staff training, we continuously provide education to heighten risk awareness by implementing BCP training with content that matches the requirements of each person’s role. Due to the increased risk that comes from globalized business development, we work towards securing the safety of international travelers through the appropriate transmission of local danger information, not just to our overseas subsidiaries but also to our expatriate personnel.
Risk assessment implementation rate KPI
Risk assessment is a process to identify and evaluate risks that can affect a business. We have implemented risk assessments for all companies of the Daifuku Group in fiscal 2017 (100% return rate).
*You can scroll horizontally.
Number of training sessions conducted for supplier disaster situation reporting KPI
The goal for fiscal 2017 was to hold one session, and the actual number of sessions was two. We are currently building a supply chain emergency communication system as a part of the BCP, aimed at around 150 of our most important suppliers.
Obtained highest DBJ BCM Rating by the Development Bank of Japan
In February 2017, the Development Bank of Japan (Main office: Chiyoda-ku, Tokyo; subsequently referred to as “DBJ”) awarded us their highest rating as "a company with excellent initiatives for disaster risk reduction and business continuity management."
Countermeasures for disaster emergencies
We distribute a Survival Handbook to every employee, which summarizes information about initial responses when an earthquake occurs, safety securement and evacuation procedures and safety verification contact methods towards family and the company. We are also strengthening our disaster emergency countermeasures by installing fixed antennas for satellite mobile phones at each regional branch, arranging safety helmets for expatriate staff and visitors, and replenishing our emergency stockpile.