Security Management Office
JGC employees and executives make approximately 5,600 overseas business trips per year, and approximately 500 JGC personnel are stationed overseas at any one time, in 30 different countries.
Therefore, JGC has established Security Management Office available on a 24-7 basis to cope immediately with any risks employees stationed overseas might face, including natural disasters, acts of terrorism, war, pandemics, crimes, riots, traffic accidents, and illness.
JGC puts emphasis on pre-emptive measures for risk prevention, particularly the following three points:
Sharing of Risk Information
Organize and analyze security information, and dispatch necessary information in a timely manner, in order to share risk information among JGC employees.
Establishment of Security Measures/Establishment Support
At JGC construction sites in countries/regions with high security risk, JGC actively supports and instructs the establishment of security measures. By conducting an audit to ensure the effectiveness of such security measures, JGC supports to maintain the best security system.
Fostering the Awareness of Security
JGC provides company-wide security education to deepen each employee's understanding and interest of security.
Crisis Management Operations
Security Management Office takes the lead in implementing a range of measures, such as safety confirmation, buiness trip cancellation, and temporary evacuation, based on the risk level in a given area, according to the Basic Rules for Risk Management
Information Security Management
Handling large volumes of information (specification documents, drawings and reports) is part and parcel of EPC operations. Much of this information contains confidential data received from customers and business partners as well as materials regarding proprietary know-how. As an engineering contractor, it is a matter of course that we work to ensure that these information assets are properly protected.
Meanwhile, it is equally important that the Company's employees, customers and business partners have safe and ready access to essential information in order to ensure that projects scattered throughout the world are carried out smoothly. To this end, we actively undertake information investments which include security countermeasures. These investments help to ensure that information security is maintained at an appropriate level that satisfies the needs of customer and business partners.
Group-wide Information Security Promotion Structure
The JGC Group looks closely at the ISO/IEC 27001 international standard when maintaining its information security management systems. We draw up rules and regulations for each project and put in place the necessary operating structures based on major differences in customer requirements, the operating environment and conditions confronting the Company. From both the technological and human resource perspectives, we take steps to improve the quality of the information security.
Acquiring Information System Platform Certification
The Company's Corporate Administrative & Financial Affairs Division, which is responsible for the planning, construction, operation and management of IT infrastructure, Corporate IT Office and the responsible department of JGC Information Systems Co., Ltd. acquired ISO/IEC 27001 certification in 2006 as a part of effort to ensure the stable operation of information system platforms. Certification entails continuous screening on an annual basis and renewed certification every year. Plans are in place for continuous screening to be undertaken in July 2015.
Business Continuity Plan (BCP)
JGC does not have production facilities such as manufacturing plants, and we conduct our business through our employees, a sophisticated ICT infrastructure and our offices. Consequently, JGC's BCP consists of the following three pillars.
1. Early Confirmation of Employee Safety
In 2004, JGC introduced a "Safety Confirmation System." Today, the scope of the system has been extended to include not only regular employees, but also temporary staff and JGC contract employees who work at JGC. In addition, an emergency contact network has been established in each department as a backup to quickly confirm employee safety.
2. Securing of ICT Infrastructure
In 2006, JGC was the first company in the Japanese engineering industry to obtain ISO certification (ISO 27001) for its information security management systems. In order to maintain and improve information security, we have a backup system and use highly reliable devices. In addition, we have measures in place to respond to accidents and emergencies. We conduct periodic drills, and the resulting increased awareness is reflected in workers' preparedness.
In these ways, we continuously improve our information security through the PDCA cycle and work towards an even more secure ICT infrastructure.
3. Securing of Office Safety
The Yokohama Headquarters of JGC was built in 1997. It was designed for strength meeting or exceeding the new earthquake resistance standards, and would have been largely undamaged even by the severe tremors of the Great East Japan Earthquake. In addition to conducting periodic disaster management training and full preparedness with emergency supplies, provisions and other necessities, we provide positive protection for the safety of people working in our office.