The ANA Group Total Risk Management Regulations set out the basic terms of the Group's risk management. Under these regulations, the secretariat of the Group CSR Promotion Committee (Corporate Brand & CSR Promotion, General Administration and Legal & Insurance), CSR Promotion Officers assigned to Group companies, and CSR Promotion Leaders facilitate risk management activities. The role of CSR Promotion Leaders is to promote risk management in each company and department by executing risk countermeasures according to plans and to take swift action while contacting the secretariat in the event of a crisis.
Risk Management from a Preventive Perspective
Under the holding company structure, each Group company implements autonomous risk management activities. At the same time, ANA Holdings has established risk management cycles (risk identification -> analysis -> evaluation -> study and implementation of controls and countermeasures -> monitoring) for the entire group, in order to monitor the risks within each company and request risk management measures. ANA Holdings confirms and evaluates the progress, effectiveness, and level of achievement of the measures taken with respect to significant risks identified in each organization. The company also takes the lead in implementing measures to address issues faced by the entire group, and confirms progress through the Group CSR Promotion Committee.
Crisis Control in the Event of the Materialization of Risk
The ANA Group has constructed a response system based on detailed manuals in order to minimize damage and ensure safe and secure future operations by investigating the causes of crises.
The Emergency Response Manual (ERM) sets out responses to incidents with a direct impact on operations involving the ANA Group's aircraft, and the Crisis Management Manual (CMM) provides responses to other crises including system failures, information leaks, scandals and risks from external sources. Additionally, the ANA group is strengthening its crisis control system groupwide by conducting practical training and drills periodically every year based on a wide range of crisis scenarios, such as accidents and hijackings.
To safeguard information assets, such as the personal information of customers, the ANA Group implements measures devised with reference to technical standards, including ISO 27001 and other global standard guidelines, as well as various laws and regulations.
The ANA Group is working to reduce the incidence of crises involving information leaks. The Group conducts annual Control Self Assessments (CSA) of the status of compliance with the ANA Group Information Security Management Regulations in all group companies and departments, which have been implemented over the years. In addition, since the Fiscal Year 2013, the ANA Group has conducted site visits and interviews by a specialized team, mainly targeting departments of group companies that deal with the personal information of customers, which has resulted in the successful extraction of issues that could not have been identified in the past. Such issues have been addressed accordingly. We have also implemented e-learning-based awareness-raising programs on a quarterly basis for all group officers and employees to enhance awareness among individual employees and instill rules concerning information security. As a result of these ongoing efforts, the number of crisis events has decreased steadily.
In the fiscal year 2014, the ANA Group bolstered its information security measures by implementing enlightening program and establishing new Social Media Guidelines that set forth matters requiring attention when group employees use social media, regardless of whether social media is used for private or professional purposes. In addition, the Group has established an Information Security Center in each group company that possesses information security skills and expertise and has been implementing a range of measures to further boost information security for the entire Group.