Gakken Group has formulated the Gakken Group Basic Rules for Ri sk Management, which outlines fundamental aspects concerning risk management and facilitates the Group's effective oversight of th e diverse risks associated with its operations. Noteworthy risks within the Group's business landscape encompass legal and regulatory risks, vulnerabilities stemming from natural disasters and contagious ailments, concerns related to personal data management, potential ramifications of information system breakdowns, market trends in the publishing sector, intricacies tied to elderly welfare services, childcare support, and educational endeavors like classes and cram schools. Moreover, risks associated with international business expansion and potential devaluations and losses on equity securities are also recognized.
The Group is committed to sustaining the seamless and secure advancement of its undertakings through meticulous management of these risks.
Gakken Group has developed the Gakken Group Basic Rules for Risk Management as an extension of the Group's internal risk management regulations and the foundational policy guiding organizational integrity. Furthermore, the Gakken Group Risk Management Manual has been established to effectively address the diverse array of risks inherent in the Group's operational sphere.To oversee risk management comprehensively, the Risk Management Subcommittee operates under the purview of the Internal Controls Committee. This body convenes biannually to provide reports to the directors. Collaboration with directors responsible for GRC (Governance, Risk Management, and Compliance) and those assigned to risk management roles within each Group company forms an integral part of the Risk Management Subcommittee's functions.
The ensuing fundamental principles guide the assessment and management of various risks:
- Accurately recognize, assess, and analyze risks, taking measures to forestall their materialization and manage them suitably.
- The director overseeing GRC and the individual responsible for risk management compile a "Risk Evaluation Sheet" annually. The Risk Management Subcommittee within the Internal Control Committee then periodically monitors the establishment of risk management systems across each Group company, reviewing the status and considering potential enhancements.
- Concurrently, the Compliance Subcommittee and the Information Security Subcommittee, components of the Internal Control Committee within Gakken Holdings, undertake risk assessments and comprehensive management of compliance risks, information security risks, and personal data risks in collaboration with the Risk Management Subcommittee.
In the event of a disaster risk arising or looming, Gakken Group promptly establishes a Disaster Countermeasures Office, initiating a dedicated disaster response system. Simultaneously, the Business Continuity Measures Secretariat assumes the role of providing support and guidance grounded in the pre-established Business Continuity Plan (referred to as "BCP") that aligns with the Basic Business Continuity Policies. This initiative offers a comprehensive overview of the Group's strategies for business continuity. Moreover, the Business Continuity Office vigilantly oversees the progress of each company's BCP enhancements. This endeavor aims to transition to an all-encompassing BCP framework capable of addressing various disaster scenarios effectively. To further bolster disaster readiness, Gakken Building has prepared a disaster prevention manual and analogous measures for individuals facing challenges in returning home, adhering to the "Ordinance on Measures for Those Who Have Difficulties Returning Home" formulated by the Tokyo Metropolitan Government.
Basic Business Continuity Policy
Gakken Group companies are committed to enhancing their business continuity capabilities on a day-to-day basis. This dedication stems
from the aspiration to earn respect from users and society alike. To achieve this goal, the companies pledge to swiftly execute the following
measures even in times of emergencies:
- Develop comprehensive business continuity plans and diligently implement, operate, and continuously enhance them.
- Prioritize the safety of customers, employees, their families, and users as the utmost concern.
- Each site of every Group company will promptly assess the scale of damage, take proactive measures to contain further harm, and swiftly reinstate operations.
- In times of crises, contribute actively to the swift restoration and recovery of local communities.
To ensure the safety of customers, employees, and their families , as well as to maintain uninterrupted business operations, we have established the "Guidelines for COVID-19 Infection Control." Our efforts include robust implementation of fundamental infection prevention measures such as wearing non-woven masks, handwashing, gargling, regular ventilation, and alcohol disinfection. Additionally, we closely monitor the infection status across Gakken Group companies. We have also consistently mainta ined a Business Continuity Plan (BCP). Moreover, alongside our existing BCP, we have actively overseen the "BCP for Infectious Diseases," a newly devised plan by each company since 2020, geared toward addressing contingencies arising from infectious diseases.
Gakken Group upholds its commitment to respecting and responsib ly managing customers' personal information, aligning with its Corporate Mission and Charter of Corporate Behavior , as evident in the "Declaration on the Handling of Personal In formation." The Group has established a "Privacy Policy" outlining its fundamental approach to personal information management. In strict compliance with the "Act on the Protection of Personal Information," the Group transparently communicates the intended usage of personal information, provides contact details for inquiries, and maintains a robust data management system to ensure the security of the information under its custody.
Gakken Group has implemented a comprehensive Information Securi ty Policy aimed at effectively managing and safeguarding the inf ormation assets held within the organization, including entrusted person al information. This policy is rigorously adhered to by all emp loyees and officers.
Additionally, the Group has established the Basic Regulations for Handling Individual Numbers "My Numbers" and the Gakken Group Information Equipment Management Regulations. These were respectively established in July 2015 and July 2016, with implementation beginning on October 1, 2016. In September 2021, a thorough security assessment was conducted, leading to a review of the Information Security Policy during the latter half of 2022. This review was in response to evolving work patterns, such as the expansion of telecommuting. Changes incorporated i nto the revised policy include modifications to regulations concerning the removal of office computers and their connection to wireless access points. Furthermore, enhancements were made by introducing multi-factor authentication, which mandates multiple verification steps for system access, imposing more stringent measures for the opening, renovation, and closure of websites, and enforcing strict compliance with prohibited actions, such as connecting personal information devices to the company network or altering security function settings.