Crisis Management Structure and Activities The Yamaha Motor Group works to minimize the damage from and quickly resolve crisis situations as per the Rules for Initial Response to an Emergency.In the event of a disaster, accident, or compliance-related incident at the Group, the division involved will report to the risk management supervisory section or the divisions in charge of risk management as per standards for determining the level of reporting, which are set in advance. If the reported event is of a scale significant enough to warrant the involvement of Group management or multiple divisions and/or companies, the risk management supervisory section will refer the matter to a response team designated in advance, and an Emergency Countermeasure Headquarters, chaired by the president, will be established. The headquarters will work to understand the situation and formulate a provisional response and, if necessary, will promptly report on the matter to customers and related parties. Business Continuity Plan (BCP) Formulation To prepare against envisioned risks that could impact the continuity of our business, Yamaha Motor has formulated the Rules of Business Continuity and responds as per those rules.Yamaha Motor’s primary operations are concentrated in Shizuoka Prefecture and could be affected if a major earthquake were to occur in the Nankai Trough. To prepare for this, we have formulated a BCP to maintain the continuity of business operations, based on the damage projected by government bodies, and are placing foremost priority on the lives and safety of our employees.Specifically, buildings and equipment have been made earthquake and tsunami resistant; emergency stockpiles of food, water, and other essen-tials are maintained; emergency methods for telecommunications are in place; and Companywide evacuation drills (including at Group companies located nearby and night drills) and safety confirmation drills are carried out regularly. Also, regular initial response drills are carried out at the headquarters and individual business units, procedures to restore opera-tions have been clarified, and a system for gathering supply chain infor-mation is in place. These and other measures addressing both tangible and intangible effects are carried out comprehensively and continuously.Another concern is the outbreak of a potentially global pandemic. To prepare for this possibility, Group companies identify issues that could affect the continuity of their operations and formulate response plans. Drills simulating actions to be taken at various stages prior to the full-scale outbreak of a pandemic are carried out regularly, and a structure is in place to guarantee that businesses are able to continue operating. Cybersecurity Cyberattacks have become increasingly advanced and sophisticated in recent years, and businesses are faced with a heightened risk of infection by computer viruses, leakage of personal and confidential information, and information system failures. The Yamaha Motor Group has thus established a Cybersecurity Policy with the aim of protecting the products and services used by our customers, as well as our information assets.In addition to the basic defensive measures already in place, such as monthly vulnerability analysis that includes anti-malware measures, the Group has a Security Operation Center (SOC) that monitors for irregulari-ties to enable early detection and response, and a Computer Security Incident Response Team (CSIRT) that responds to incidents to prepare for contingencies. The Group also provides training to increase employees’ cybersecurity literacy, conducts assessments to ascertain the situation at each Group company and develop improvement plans, and makes other ongoing efforts to reduce cybersecurity risks. Information Management Initiatives The Yamaha Motor Group formulated the Yamaha Motor Group — Personal Information Protection Policy in 2003 and complies with the local laws and regulations related to the protection of personal informa-tion in each of the countries in which it operates.In Japan, in line with the 2017 revisions to the Act on the Protection of Personal Information, we made corresponding changes to the Group Operational Guidelines for Protecting Personal Information that was already in effect at the headquarters and the Group’s subsidiaries. As with measures like the General Data Protection Regulation (GDPR) enacted by the European Union in 2018, stricter regulations for the protection of personal information are being enacted in various countries and the Company is working together with its regional subsidiaries toward global compliance.Departments handling personal information are monitored annually for performance and/or subject to internal audits, and employees hand-ling personal information undergo training and education via compliance seminars held by the risk management supervisory section and/or e- training. The divisions in charge of risk management also provide direct advice and guidance and other measures to ensure that customer infor-mation is handled appropriately. In fiscal 2019, no complaints were filed by any authority concerning violations of our customers’ privacy.69Yamaha Motor Co., Ltd. Integrated Report 2020
元のページ ../index.html#71