Classification |
Item |
Details |
Response |
Information security risks |
(1) Handling of personal information |
- Leaks, loss, falsification, or unauthorized use of customer information due to natural disasters, accidents, malicious and/or unauthorized access by external parties, and intentional acts or negligence by inside parties
|
- Establish and operate a system for protecting and managing personal information
- Privacy Mark certification
- ISMS, ISO27017 certification and SOC2 reports
- Require all employees to acquire certification in protection of personal information
- Gather information on new legal regulations in Japan and overseas, and implement necessary responses
- Ensure compliance with laws and regulations and manage contractors' safety
|
(2) Equipment and network stability |
- System failures due to natural disasters such as fires and earthquakes, external damage, human error, or other unexpected events that interfere with the use of our equipment and network
|
- Conduct load balancing and periodic backups across multiple servers
- Set up real-time access log checking functions and an immediate notification system for software failures
- Conduct recovery training based on failure scenarios
|
Risks to services |
(3) Service failures, etc. |
- Problems arising in our applications, software, and systems
- Major defects identified that could interfere with our business operations
|
- Build and maintain a highly reliable development system
- Develop and implement incident guidelines for services
|
Risks from external environment |
(4) Internet access environments |
- New internet usage regulations being introduced and having adverse effects
|
- Gather information on internet-related legal regulations, identify issues, and implement solutions
|
(5) Cloud business |
- Increased competition due to the emergence of groundbreaking services from other companies
- Demand for our cloud services falling significantly below our expectations
|
- Create new value
- Proactively introduce new technologies
- Protect our intellectual property rights by obtaining patents, etc.
- Promote M&A, and capital and business alliances
|
(6) Responding to technological innovations |
- Slow responses to technological innovations, etc.
- Unexpected development costs, etc.
|
(7) Competition |
- Increased competition from existing operators and new entrants
|
(8) COVID-19 pandemic |
- Negative impact on new Sansan sales activities due to cautious investment by companies
- Reduced growth of Eight's recruiting services due to companies' reluctance to recruit
|
- Develop services and functions suited to societal changes
- Develop and implement a business continuity plan (BCP) for dealing with infectious disease spread
|
Investment risks |
(9) Upfront investments in advertising and promotions |
- Significantly increased expenditures due to changes in advertising policies and plans
|
- Monitor cost effectiveness of advertising activities
|
(10) Investments such as corporate acquisitions |
- Delayed business planning after an acquisition or investment
|
- Conduct sufficient due diligence on target companies
- Carefully monitor and follow up with target companies
|
(11) System infrastructure investments |
- Unexpected additional investments in hardware and software to ensure stable operation of services
|
- Carefully monitor external access
- Design appropriate system infrastructure investments to accommodate business expansion
|
Human risks |
(12) Establishment of management control system |
- Delays in building a business structure and internal management system to accommodate expansion of the scale of our business
|
- Develop rigorous internal control systems in line with business and employee growth
|
(13) Training and securing human resources |
- Lack of qualified personnel
- Delays in securing sales personnel for Sansan/Bill One, and loss of sales personnel
|
- Actively recruit human resources
- Strengthen systems through internal training, etc.
- Improvement of working environments
|
(14) Dependence on specific individuals |
- Occurrence of any event that makes it difficult for Representative Director Chika Terada to continue working for any reason
|
- Ensure company structure is not overly reliant on the Representative Director
- Strengthen information sharing among board members and the managing organization
|
Legal risks |
(15) Laws and regulations |
- Impacts of new privacy-related laws and regulations in Japan and abroad, as well as laws regulating internet-related businesses, etc.
|
- Gather information on legal regulations, etc., identify issues, and implement solutions
|
(16) Intellectual property right infringement, etc. |
- Claims for damages or injunctions from third parties for patent or trademark infringement
- Third-party infringement of our intellectual property
|
- Conduct patent infringement searches through patent firms
- Apply for and register trademarks
- Implement legal measures
|
Overseas risks |
(17) Launching overseas |
- Difficult to address risks specific to foreign countries
- Delays in monetizing overseas businesses
|
- Gather information and identify issues in regions where business is to be developed, and formulate appropriate business plans
|
Others |
(18) Granting incentives |
- Dilution of existing shareholders' shares from exercising issued stock options
|
- Design stock options with due consideration of market conditions and impacts on existing shareholders
|