Actions for legal compliance
With the understanding that compliance/legal compliance is a minimum requirement for a company to be acting “fairly” as expected by society, we have the following measures in place at our company.
Establishment of Internal Control and Audit Department
We have established the Internal Control and Audit Department, and this department is responsible for taking compliance-related measures, operating a Help Line, developing basic policies and annual plans for internal control, and developing and implementing measures to maintain and improve the level of our internal control system.
This department also submits a periodic report to the Board of Directors on the status of development and implementation of the annual plan for internal control (Internal Control Plan), matters related to the management of ESG risks and other risks including sexual harassment, and other human rights issues.
Establishment of legal affairs section and preparation of internal rules and contract templates
We have established the Legal Affairs and Intellectual Property Department and through this department we take necessary steps to respond to the implementation of new laws and the revision of existing laws applicable to our business, provide consultation concerning contracts and legal compliance related to day-to-day business, and take all other necessary steps in managing our company in strict compliance with the law. We also assign a person responsible for contracts and legal affairs to each section and subsidiary as a contact person with the Legal Affairs and Intellectual Property Department, enabling the smooth sharing and transmission of information within the company and the Group.
As our internal rules and contract templates reflect our legal compliance policy and contract guidelines and other guidelines are readily available, day-to-day work can be systematically and routinely performed efficiently and in compliance with the law.
Legal and contract education
We provide our employees with legal and contract education at the time they join the company, and they participate in group training sessions for specific qualification-based promotions, to inform them of our legal compliance policy and the need for legal compliance in business. We also offer lectures within the company whenever necessary due to the revision of applicable laws or business development.
Thorough management and education regarding intellectual property
Protecting our own intellectual property, and respecting other companies’ intellectual property, is one of the important issues in doing business in the information service industry. The Legal Affairs and Intellectual Property Department manages and provides consultation concerning patents, trademarks, copyright, and other intellectual property rights and informs the entire company of our policy on the management of intellectual property through the person responsible for intellectual property in each section, and the person in charge of intellectual property of each subsidiary.
We take all possible means to protect and manage our intellectual property by preparing training menus for each level of our employees and continuously providing them with intellectual property training.
Internal Control Awareness Survey and e-learning
- We ensure through mandatory e-learning that all officers and employees of NSSOL Group companies have thorough knowledge of all important compliance matters related to our activities (such as violations of labor laws or laws related to procurement from contractors, bribery and corruption, and insider trading).
- Furthermore, we provide our business partners with compliance education tools.
- We distribute (to all officers and employees) Global Business Conduct, which is a code of conduct applicable to all officers and employees of the NSSOL Group, and they carry it with them at all times.
- We identify potential human right risks through an annual internal control awareness survey of employees, and give feedback to employees based on the result.
Establishment and operation of a Help Line
In 2003, we established a Compliance Desk, and in April 2006, in light of the enforcement of the Whistleblower Protection Act, we upgraded it to a helpline and established a new external contact point.Since April 2008, the helpline has been in operation as a contact point for consultation and reporting of human rights violations, including harassment. Currently, the helpline accepts reports and consultations from employees of the Group and their family members, and their privacy is protected by anonymity unless approved by the individual.
Image of Help Line system
At our company, the Audit Office established within the Internal Control and Audit Department is the section responsible for internal audits. This Office prepares important audit topics and conducts annually both desk audits and field audits using a checklist. Once an audit is completed, they prepare a report containing audit findings and recommendations and submit it to the President. To ensure that we operate our business in a more appropriate manner, audit findings and recommendations are followed up as to how they are dealt with.
Actions for information security
With the full implementation in April 2005 of the Act on the Protection of Personal Information, based on our belief that “proper management of information is a minimum requirement for our company engaging in information service as its core business and is the basis of our existence as a company,” we established the Information Management Committee chaired by the President, established internal rules, and implemented other necessary measures. These measures were expanded to the entire Group by September 2008.
Information Assets Protection Policy
We are taking positive action to protect information assets by, among other means, establishing the “Information Assets Protection Basic Policy” and “Personal Information Protection Policy” applicable to all Group companies, providing all of our members including contractors with information assets protection education, and conducting periodic information assets protection audits.
Acquisition of Privacy Mark
“Privacy Mark” certification was granted to our company in February 1999, and has been renewed every two years. This certification was also granted to many of our subsidiaries by September 2008. In December 2001, we acquired both domestic and international information security management system certifications (2 certifications: ISMS and BS7799) for the information system operation service at our Data Center.