It is highly important to manage the risks associated with the globalization of business in order to fulfill our social responsibilities towards our stakeholders. Daifuku strives to build a corporate culture that is resilient in the face of emergencies by sharing corporate risks within its group companies worldwide, in order to address all business risk responses to minimize the impact on corporate management, while also being in accordance with its management policies and corporate code of conduct.
Initiative Materiality and relationship to SDGs
- Ensure compliance and prevent corruption
- Promote and strengthen information security measures
- Continuous expansion of business continuity management
CSR Action Plan KPIs and targets for 2020
- Operation and maintenance of the compliance system: Ascertainment of the compliance situation and examination of operations
- Types of training and educational programs regarding compliance: Over 15 types
- Setup and implementation of awareness month: Every year in October
- Revision of internal reporting system: Operation of the system
- Participation rate in the information security training: Participation rate 100%
- Number of training sessions conducted against targeted cyber emails attack: Two times per year
- Risk assessment implementation rate: 100%
- Number of training sessions held for confirming the operational situation of suppliers in an emergency: Two times per year
The Human Resources Department, which is under the control of the CRO (Chief Risk Officer), develops and promotes risk management measures across the Daifuku Group. We organize the “Risk Management Promotion Framework” that is comprised of the heads of each division based on the “Risk Management Rules”, to conduct risk assessments across the Group including overseas affiliates once a year. According to the level of criticality, related divisions take measures to mitigate and minimize risks.
To mitigate natural disaster risks (earthquakes, wind & floods, lightning, fire, new influenza strains), we have developed a Business Continuity Plan (BCP). The Compliance Committee addresses law violation risks with the potential for high impact, and the Information Security Committee focuses on risks related to information security.
Compliance system KPI
We have set up a "Compliance Committee" where our CEO serves as chairman and have established a "Group Code of Conduct" (revised in April 2019 to enhance the group compliance system), while also carrying out activities to ensure legal compliance, fairness and ethics. As a part of these activities, compliance training is conducted to raise the compliance awareness of each of our employees.
To deal with the risk of violations of the law on a global level in recent years, we have enhanced efforts to prevent bribery and observe the competition law according to the Group Code of Conduct.
Specifically, as part of our efforts to prevent bribery and to comply with the anti-corruption laws of each country, we established a system to check in advance if there is a suspected corrupt supply of profit such as with entertainment or exchanging gifts, and we are making efforts to further strengthen anti-corruption as part of the Anti-corruption working Group meeting of the UN Global Compact. (In May 2019, we revised our regulations on bribery in China.) In terms of compliance with competition laws, similar to our efforts of preventing bribery, we have put into place internal rules that comply with the laws of each country, and we practice fair dealings.
Under a clear commitment, the CEO sends messages to all employees to raise their awareness regarding the importance of compliance.
Compliance education and training KPI
In addition to the CEO sending messages to all employees to communicate the their stance on compliance, we also provide continual education and enhancement on compliance to all employees through training programs to familiarize everyone with corporate ethics.
As business with various countries and regions increases with business globalization, we have strengthened compliance education on anti-corruption laws and competition laws in each country. Also, for training programs for position-specific employees such as new employees and newly appointed managers, we provide lectures on the respect of human rights and professional ethics, in addition to compliance with various laws including the subcontractors act and security export control policies, to entrench awareness of compliance. In fiscal 2018, we held 16 types of education and training events (target was 13 or more).
- Position-specific training
- Grobal staff training
- Training for executives
- Seminars on compliance with competition laws and the prevention of bribery
- Presentations on internal reporting system and past compliance cases
Compliance Enhancement Month KPI
We set every October as "Compliance Enhancement Month" and conduct activities to raise the compliance awareness of our employees. Some examples are an interview between a compliance expert and our president in our in-house newsletter, and a wide range of compliance related talks for staff of all levels across the Company.
Providing legal information using the in-house network
We have established a "Daifuku Legal Center" database as a portal site that accumulates various legal information, and is easily accessible by employees. Staff at the legal department post daily on the legal affairs related blog on the in-house SNS, to provide employees with timely access to information and ability to easily exchange that within the Company.
Internal reporting system KPI
To enhance the effectiveness of our internal reporting, we have reviewed our system and formulated a new standard in April 2018. A message from the CEO to the Group reminded all employees that we have established an environment where employees can report any issues in full confidence. Under the new system, anonymous reporting is possible, and the reporting methods include an internal point of contact as well as an external point of contact that is independent of management. In addition, a system is being developed that enables local employees to file a report in their own language.
Through this system, we are working to prevent and early identify cases that include violations of the law, harassment and human rights issues with 24-hour support.
UK tax strategy
Through material handling, the Daifuku Group aims for further growth by balancing business activities and social soundness. In addition to contributing to the development of the country and the region by implementing a fair tax payment, we disclose our tax strategy in the UK on the "Tax Strategy" page of our UK site.
Compliance with Modern Slavery Act
In response to the Modern Slavery Act 2015 of the UK, the Daifuku Group has published an “Anti Slavery Statement 2019” on our UK website.
Information Security Initiatives
Information Security Committee
As threats to information security are becoming increasingly advanced, ingenious and pernicious, it is vital to tackle them through continuous efforts and actions.
We established the Information Security Committee more than 10 years ago to maintain and improve information security across the Daifuku Group.
Considering the globalization of our business and the increasing role that the IoT (Internet of Things) plays for our products and services, it is more important than ever to promote the information security of our products and services. Through evaluating and countering IT risk factors embedded both inside and outside the company, we are promoting information security initiatives that are appropriate for a global enterprise together with our business operations.
- Reinforce regulations and develop policies with the aim of raising the standard of the Daifuku Group’s information security as a whole
- Coordinate with business and investigate information security policies for products and services
- Quantify in a way that is aligned with the KPI settings and establish the objective evaluation of results
Framework for Initiatives
Launch of CSIRT
The mission of the CSIRT (Computer Security Incident Response Team) is to deal with information leaks stemming for example from cyber attacks and respond to any other computer security incidents. The CSIRT is centered on the Information Security Committee, enabling Daifuku to swiftly identify the possible scope of an accident and damage, put first-response measures in place, and investigate causes and means to prevent reoccurrence.
Policies for information security countermeasures
Threats to information security are on the rise and have become increasingly malicious. We therefore prepare for possible attacks through up-to-date and multilevel defense systems in cooperation with specialist security companies.
In cases of information theft which use human psychological techniques or deceitful approaches, prevention is difficult if only relying on infrastructure countermeasures. We will enhance our employees’ information security knowledge and understanding through initiatives by the Information Security Committee, internal training programs and simulated cyber terrorism training sessions.
Participation rate in information security education and training KPI
The goal for fiscal 2018 was 80%, and the actual rate was 80.5%. In addition to the three traditional languages of English, Japanese and Chinese, we have added education in Korean and Spanish, thereby increasing the effectiveness of our global education. We will continue to promote information security education for employees in preparation for new types of cyber attacks in the future.
Number of training sessions conducted for targeted cyber attack emails KPI
The goal for fiscal 2018 was to hold two sessions, and the actual number of sessions was two. In addition to the three traditional languages of English, Japanese and Chinese, we added training in Korean and used the training results and feedback for consideration to increase the effectiveness of our training. We will continue to promote employee training to prevent information leaks resulting from cyber attacks in the future.
Business Continuity Plan (BCP) Initiatives
We have established a BCP (Business Continuity Plan) for emergency situations. It places highest priority on human life, while also aiming to minimize damages to business assets and make the continuation and early recovery of business possible. Furthermore, we are expanding education, training and disaster prevention equipment related to disaster risk management, with the aim of heightening the effectiveness of the BCP. For our overseas group companies, in addition to our existing questionnaire surveys, we have implemented hearing surveys at each location to promote the ascertainment and sharing of the risks that can occur locally. Moving forward, we will further strengthen the BCP activities of the whole group and construct a corporate culture that is resilient in the face of emergencies.
BCP site basic survey (Daifuku affiliates and office)
By periodically visiting all Daifuku Group sites worldwide, we ascertain the preparations needed for natural disaster risks, as well as exchanging and sharing information about risk related to compliance, information security and labor and health management.
BCP training and education
In order to heighten the risk awareness and understanding of BCP for each employee, we invite an external instructor every year to hold a BCP Seminar targeted at every staff member. In addition, for our position-specific training that includes new staff training, we continuously provide education to heighten risk awareness by implementing BCP training with content that matches the requirements of each person’s role. Due to the increased risk that comes from globalized business development, we work towards securing the safety of international travelers through the appropriate transmission of local danger information, not just to our overseas subsidiaries but also to our expatriate personnel.
Risk assessment implementation rate KPI
Risk assessment is a procedure to identify and analyze risks that can affect a business. We achieved a risk assessment implementation rate (return rate) of 100% in fiscal 2018. We implement business risk assessments for all subsidiaries and Group companies including those overseas, with the aim of quickly identifying risks in business activities.
*You can scroll horizontally.
Number of training sessions conducted for supplier disaster situation reporting KPI
The goal for fiscal 2018 was to hold two sessions, and the actual number of sessions was two. As part of a scheme to strengthen our business continuity plan, emergency information is shared and also utilized to promptly restore the whole supply chain and normalize operations.
Obtained highest DBJ BCM Rating by the Development Bank of Japan
In February 2017, the Development Bank of Japan (Main office: Chiyoda-ku, Tokyo; subsequently referred to as “DBJ”) awarded us their highest rating as "a company with excellent initiatives for disaster risk reduction and business continuity management."
Countermeasures for disaster emergencies
We distribute a Survival Handbook to every employee, which summarizes information about initial responses when an earthquake occurs, safety securement and evacuation procedures and safety verification contact methods towards family and the company. We are also strengthening our disaster emergency countermeasures by installing fixed antennas for satellite mobile phones at each regional branch, arranging safety helmets for expatriate staff and visitors, and replenishing our emergency stockpile.