Crisis Management on a Consolidated Basis/ Business Continuity Management (BCM)
Structure and Concept
Crisis Management Structure on a Consolidated Basis
MC has built up a structure for securing the lives and safety of employees and their families as we respond on a consolidated basis to all crises that impact our profit and business continuity (all-hazard approach) by linking together each Group/Regional and National Crisis Management Offices under the management and supervision of the Emergency Crisis Management Officer (Representative Director and Executive Vice President Yoshiyuki Nojima).
All-Hazard Approach
Based on the all-hazard approach, MC has built up an internal structure that anticipates all kinds of risks, such as major natural disasters, acts of terrorism, riots, emerging infectious diseases, supply chain disruptions, legal transgressions, and cyber incidents, and etc. Under usual conditions, in cooperation with the organizations in charge (related corporate staff departments and Business Groups), we build and establish various crisis management measures and structures needed in the event that a crisis does occur, so that we can ensure the safety and ascertain the status of all concerned as part of our initial response, and then act promptly to maintain and recover the infrastructure necessary for business continuity.
In particular, for a serious incident impacting the lives and safety of our employees, as well as continuity of critical business operations, we have a structure in place in which we will respond under the companywide direction of the Emergency Crisis Management Officer, in accordance with our Business Continuity Management (BCM) process on a consolidated basis.
Status of Initiatives in Normal Conditions
Crisis Management
Even in normal times, MC makes necessary preparations in anticipation of natural disasters, acts of terrorism, riots, labor disputes, accidents and any other crises in Japan or overseas that could affect the safety of our employees or the continuity of our earnings, assets and businesses.
Specifically, in addition to our various frameworks, regulations, manuals and systems, we conduct a number of initiatives to increase their effectiveness. As well as organizing earthquake simulation training at the Emergency Crisis Management Headquarters and safety confirmation drills on a consolidated basis, we have also established training on crisis management and safety measures for employees assigned to new posts in order to raise employee awareness.
(Examples of main crisis management initiatives)
-
*
MC also provides individual support to Group companies
-
*
EOC stands for Emergency Operation Center. In the event of a major disruption to the functions of the head office, the EOC, which is responsible for first response operations, has been established at a location separate from the head office to act in place of the Emergency Crisis Management Headquarters.
Business Continuity Management (BCM)
In FY2018, MC adopted “Business Continuity Management (BCM)” for its core business companies (selected from among MC Group companies) to establish and strengthen our consolidated framework designed to equip us with the business continuity capabilities needed to respond appropriately to major crisis situations.
BCM refers to comprehensive management activities based on an all-hazard risk and impact analysis that takes into account the business characteristics (business type and location) of the operating company, which include the formulation of initial response and BCP, establishment of a structure, and implementation of an ongoing PDCA cycle through education and training.
Overview of BCM Initiatives
Business Impact Analysis Framework
We conduct analyses of the “cause incidents” that disrupt core operations and trigger “result incidents,” while taking into consideration the characteristics of operations at each company.
- Cause incidents:
Natural disasters, infectious diseases, technology-related, external incidents, internal faults, legal issues, third-party related - Result incidents:
Human resources (death/unconfirmed safety, inability to report/commute to work), physical resources (damage of manufacturing/distribution or other facilities), supply chains (disruption of distribution channels, disruption of material/fuel supply), information (breakdown of IT systems or damage to electronic data, data manipulation/alteration, information leakage), reputation (product or service quality issues, environmental problems, administrative penalties, suspension of business), money (suspension of cash withdrawals, remittances and/or payments)
BCM Follow-Up Structure
Based on the premise that MC Group companies should develop their own BCM systems, we also provide lateral support by developing BCM development tools, such as BCM guidebooks and BCP samples, and by holding BCM Re-examination / BCM Dialogue.
Implementation Status Monitoring
With regard to the above-mentioned crisis management and BCM initiatives, we are working to improve our crisis management and business continuity capabilities by monitoring and providing various types of feedback, including implementation status at Group companies, using the business plans and other documents from each company (unlisted subsidiaries).
Preparations for Large-Scale Natural Disasters
In the event of a Tokyo Inland Earthquake, MC has established, based on a certain damage scenario derived from data published by the government and local authorities, a system that enables the launch of an Emergency Crisis Management Headquarters (including remote response), safety confirmation of officers and employees / facility damage at MC Group companies on a consolidated basis. Various stockpiles have also been arranged. In addition, we are preparing for a Tokyo Inland Earthquake by drafting and updating BCPs and manuals in each organization, conducting earthquake simulations and other trainings on a regular basis, and reviewing areas for improvement. In addition, through the promotion of BCM on a consolidated basis, we are working to continuously strengthen the business continuity capabilities of each company.
Information Security and Cyber Security Measures
In order to maintain and improve the information security of our company including our major subsidiaries, we have established an internal system, developed relevant regulations for the safe and appropriate handling and management of information assets, and conduct employee training. Furthermore, in order to address cyber-attacks and e-mail frauds aimed at theft and destruction of information, we have implemented appropriate and effective countermeasures, which are not only control measures for information systems but also employee training and checking / implementation of incident response systems including those of major subsidiaries as well as obtaining the latest information in cooperation with specialized external organizations.
Independent Auditors
The MC Audit & Supervisory Committee deliberates on appointments, dismissals, reappointments and non-reappointments of MC’s Independent Auditors, and each year assesses appropriateness of the audit methods and the audit results. If the Audit & Supervisory Committee deems it fit to dismiss or to not reappoint Independent Auditors, a proposal for new Independent Auditors shall be submitted to the General Meeting of Shareholders.