16.Peace, Justice and Strong Institutions
The Coca-Cola Bottlers Japan Holdings Inc. Group (CCBJH Group) has set up 1) the standing Risk Management Committee, which formulates basic policies, and deliberates and decides risk prevention activities; 2) the Crisis Management Committee, which decides and leads the response when a major problem or accident occurs; and 3) the Disaster Countermeasures Task Force, which deliberates and initiates the business continuity plan (BCP) when a wide-area disaster occurs that signifi cantly impacts business activities.
All Coca-Cola Bottlers Japan Holdings Inc. Group companies and departments implement PDCA cycles and engage in risk prevention activities. Those responsible for risk management have the ability to make autonomous decisions and serve as the Group's fi rst line of defense. Risk monitoring by the department in charge of ERM*1, which handles the administrative duties for the committees listed above, is the second line of defense. Assurance by the internal audit department is the third line of defense. If an incident occurs, the Group gathers information and discusses an initial response and solutions using the Coca-Cola system's Incident Management and Crisis Resolution (IMCR) protocols, and the president of CCBJH may convene the Crisis Management Committee if needed.
*1 Enterprise Risk Management: A process used in the overall management of any risk that could occur in the course of business
*2 Emergency Planning
The CCBJH Group, in cooperation with The Coca-Cola Company, held an ERM Global Workshop led by Mr.Gerold Knight, Chief Risk Offi cer of Coca-Cola Hellenic Bottling Company, for the leadership of Coca-Cola Japan and the Coca-Cola bottlers in Japan.
Members of the Coca-Cola system confi rmed the importance of routinely engaging in risk prevention, and earnestly and strategically engaging in integrated risk management.
In July 2018, Japan was struck by a concentration of torrential rains, especially in western Japan, which inflicted damage on many facilities including those of the Coca-Cola Bottlers Japan Inc. Group (CCBJH Group) . During this natural disaster, Coca-Cola Bottlers Japan Inc. (CCBJI) put its business continuity plan (BCP) into action. While quickly establishing a framework for restoring its main operations and collaborating with related divisions, CCBJI moved forward to systematically deploy the necessary corporate resources.
As the record rainfall continued, a nearby river's banks overfl owed and inundated the Hongo Plant, halting operations at manufacturing facilities and automated warehouses. As the impact spread, aff ecting plants, warehouses, and the logistics function for the region, the fi rst action was to put in place an emergency response headquarters. We simultaneously set up a response offi ce on-site and, the very next day, dispatched managers from the HR, General Aff airs, and SCM functions to coordinate actions at the plant. CCBJI also began to provide food and personal necessities to employees. The rain had caused damage to the homes and vehicles of many employees and because of the time it took for the power and water supply to be restored, it was more than a week before employees were able to return to work. During the intense heat of summer, while exercising proper precaution against heat exhaustion and serious injury, employees rallied together to carry out the restoration work. Furthermore, because the water supply to the surrounding area was interrupted for an extended period of time, manufacturing water that remained in the supply tanks and emergency water delivered from nearby plants was distributed to people in the neighboring areas, and CCBJI provided a location for the Japanese Self-Defense Force to set up the water distribution center.
Damage to equipment, other property assets, and inventories, along with disruptions to the transportation network, had a major impact on product supply and distribution. There was an increase in demand due to a heat wave, which caused continual product shortages. We visited our business partners to explain the diffi cult situation and gain their understanding, but we also put together a support network that allowed us to distribute products from other areas of the country.
Information regarding risk management will be consolidated and have central management ensured, whereas decisions regarding them will be made in a transparent, fair, prompt, and accurate manner.
(1) Activities for managing risks that have materialized
“Additionally to implementing initial response for the accidents and incidents that have occurred in an appropriate and prompt manner, we will thoroughly identify, assess, and respond to the risks that have materialized, investigate the cause for such materialization, and execute recurrence prevention.”
(2) Activities for preventing potential risks
“We will acknowledge the risks that may materialize in the future, or the potential risks at an earlier timing, and execute the activities for preventing them from materializing.”
３．The basic concept
(1) We will make an effort to minimize the negative impact that would be provided onto business operation.
(2) We will prioritize the safety and health of the local communities and the stakeholders at the highest priority.
(3) We will maintain the brand image and reputation for Coca-Cola System and its products.
(4) We will conform to all laws and regulations, social rules, and code of business conduct / regulations / other internal rules for the Group that are applied onto business operation.
(5) We will correspond to the regional communities and the stakeholders in an earnest and sincere manner.
４．Preparing operational manuals
This Policy is specifically stipulated by other regulations and operational manuals, and are being executed.
The employees of outsourced business partners’ who are closely related with CCBJI Group’s businesses are also requested to understand the concept of this Policy, and to implement appropriate actions.
The policy is enacted and enforced effective January 1, 2018.
1. Information and environment that are subject to this policy
(1) All information arising from the Company’s business activities (regardless of forms, such as documents, data and memories)
(2) All computer devices, networks, facilities, equipment and fixtures used in the Company’s business operations
2. Basic principles to follow when using operation systems and computer devices
(1) Compliance with laws and regulations related to information security, this policy, and company rules
(2) Compliance with rules on the use of the IT environment
(3) Adherence to information handling authorities
(4) Prohibition of taking out and using devices and information for purposes other than the original intent
(5) Implementation of measures to prevent information leakage
(6) Implementation of measures to prevent malware infection
(7) Implementation of periodic security training
3. Basic principles to follow when developing systems and creating a database
The Company shall establish, maintain and strictly control the IT system environment and facilities, etc. that contain such systems, allowing only relevant employees to access them and properly protecting them from such threats as wiretapping, destruction, loss and suspension, within the scope necessary for business continuity.
4. Information security training
The division responsible for information security shall provide information security training to officers and employees of the Company on a regular schedule. New employees and mid-career employees shall also be provided with information security training as necessary.
5. Protection of facilities
Facilities that store the Company’s information assets, such as the head office, plants, sales centers, warehouses and all other CCBJI Group facilities, shall be properly protected from such threats as intrusion, theft, destruction, disappearance and falsification, in accordance with separately defined rules on security of facilities.
6. Violation of this policy
Any CCBJI Group employees who intentionally or negligently violate this policy and cause serious security infringement shall be dealt with strictly in accordance with internal rules.
7. Implementation of information security audits
The Company shall implement, both periodically and as necessary, information security audits of the information security framework that the Company should adhere to and of suppliers who handle classified information of the Company, based on relevant laws and regulations.
8. Information security strategies
The Company shall define and execute information security strategies with the aim of identifying security risks that could obstruct its business activities and limiting their impact within an acceptable range.
9. Other (scope of application)
This policy shall be applied not only to officers and employees of the CCBJI Group but also to those who are involved in the Company’s operations on consignment from the CCBJI Group.
10. Supplementary clause
The policy is enacted and enforced effective January 1, 2018.