Our software is cloud-based, so the management and business risks we face primarily relate to information security and technological innovation. Yet we also face risks in areas of high uncertainty, such as changing business practices and user trends due to the COVID-19 pandemic. We strive to stay aware of potential risks that could severely impact our business's management and to either prevent them from manifesting or respond to them if they become a reality. We, therefore, maintain a risk management system and risk response frameworks.
We make an internal audit plan in accordance with the internal audit regulations, and regularly identifies and analyzes risks in the internal audit process. We assess risks extracted at each department from the perspective of the frequency of occurrence and impact level, and strives to prevent and early detect risks.
In case of any occurrence of incidents related to provision of services such as disasters, accidents, unauthorized access and vulnerability matters, each department has established guidelines on structure, chain of command, judgment criteria and response procedures for incidents. Specifically, incidents are classified from three perspectives of confidentiality, integrity and availability, and a degree of priority is given to responses to each risk. Then a decision-maker for judgment on and responses to incidents at each department is appointed.
Classification | Item | Details | Response |
---|---|---|---|
Information security risks | (1) Handling of personal information |
|
|
(2) Equipment and network stability |
|
|
|
Risks to services | (3) Service failures, etc. |
|
|
Risks from external environment | (4) Internet access environments |
|
|
(5) Cloud business |
|
|
|
(6) Responding to technological innovations |
|
||
(7) Competition |
|
||
Investment risks | (8) Upfront investments in advertising and promotions |
|
|
(9) Investments such as corporate acquisitions |
|
|
|
(10) System infrastructure investments |
|
|
|
Human risks | (11) Establishment of management control system |
|
|
(12) Training and securing human resources |
|
|
|
(13) Dependence on specific individuals |
|
|
|
Legal risks | (14) Laws and regulations |
|
|
(15) Intellectual property right infringement, etc. |
|
|
|
Overseas risks | (16) Launching overseas |
|
|
Others | (17) Granting incentives |
|
|