Continuous Strengthening of Corporate Governance
Remaining Trustworthy and Mission-oriented
As we continue to provide global ICT services that have become embedded in social infrastructure, we must ensure that our management foundation covers all the required elements, which are diverse. They include an efficient and nimble business organization, an open corporate culture, and a risk management system capable of flexibly responding to emergencies such as accidents and natural disasters. At the NTT Communications Group, we take a thorough, Group-wide approach to ensuring efficient governance and solid compliance in order to continue contributing to the development of a sustainable society. In recent years in particular, we have been working diligently to prevent and thwart cybercrime, which has become a serious social problem.
◆ CSR Priority Activities
Corporate Governance Structure
NTT Communications has adopted a governance structure based on a system of Board of Directors and Board of Corporate Auditors to bolster its governance functions.
The Board of Directors comprises 18 members and is chaired by the president. In principle, it meets once a month to make key management decisions in compliance with laws and regulations, the Articles of Incorporation, and the Board of Directors’ rules.
The Board of Corporate Auditors comprises three auditors.
In addition to attending important meetings such as those of the Board of Directors, they hold meetings of the Board of Corporate Auditors to audit the execution of directors’ duties with an emphasis on confirming the legality and appropriateness of management decisions.
A dedicated organization and staff facilitates efficient audit operations.
The corporate auditors seek to strengthen the audit structure by periodically sharing information on audit plans and results with accounting firms and relevant parties to maintain close cooperation.
We also set up an Internal Audit Department within the head office to conduct annual internal audits by selecting audit items based on the results of risk assessment to minimize or prevent management risks and boost corporate value.
◆ Corporate Governance Structure
Directors are appointed with the expectation that they will utilize their extensive knowledge and insight in their respective fields.
◆ CSR Priority Activities
Compliance Promotion Framework
In view of the growing awareness of compliance, the NTT Communications Group goes well beyond merely adhering to laws and ordinances. We engage in our daily operations in accordance with high standards of corporate ethics to retain the trust of all stakeholders, including customers, business partners, shareholders, and society as a whole.
We have established a system to promote compliance with the Compliance Committee, chaired by the director in charge of compliance, and compliance promotion leaders and staff are assigned in each unit. With the ongoing globalization of the Group’s business, compliance risks have become increasingly complex in nature. In response, we formulated Global Compliance Regulations in July 2015 as a common compliance policy for Group companies in Japan and overseas. We have been promoting compliance management across the Group through disseminating top management messages, training employees, and conducting internal audits to confirm and improve ongoing initiatives at each Group company.
Looking ahead, even as we respond to the evolving business environment, management and all Group employees will engage in ethical business practices and seek to strengthen the Group’s compliance system worldwide.
Initiatives for Preventing Corruption
To prevent corruption, including bribery and bid-rigging, NTT Communications adheres to the National Public Service Ethics Code and formulates and operates guidelines and manuals for preventing bribery of foreign public officials.
To clarify the appropriate measures we have in place against bribery, we abolished our guidelines on preventing bribery of foreign officials in August 2017 and formulated anti-bribery guidelines as well as detailed rules under the Global Compliance Regulations.
We also formulated similar guidelines for Group companies to prevent corruption throughout the Group.
In addition, prevention of corruption has been incorporated into reference materials used in our compliance training to remind employees of the associated risks.
Telecommunication services such as the Internet and mobile phones represent lifelines for our customers.
Moreover, these areas are undergoing rapid technological innovation in which the content, providers, and contracts related to services used by customers are becoming increasingly sophisticated, diverse, and complex.
For this reason, we must provide customers with appropriate information and produce advertisements that are readily understood.
To earn customer trust, NTT Communications adheres to the Voluntary Standards and Guidelines on Advertisement of Telecom Services, established by the Telecom Services Promotion Conference*, so that customers can safely choose and use our services. We also strive to convey proper, easily understood information to customers by adhering to our internal Rules on Advertising and following the basic principles Initiatives for Preventing Corruption Appropriate Advertising of complying with the Act against Unjustifiable Premiums and Misleading Presentations as well as associated laws, regulations, and guidelines.
In concrete terms, we have established operational procedures to ensure compliance with prevailing laws and regulations, which includes setting up a screening system for advertising and designating leaders in each department who conduct voluntary screening. The Legal and Internal Audit Department is responsible for screening specific types of advertisements. In February 2019, we sought to address the diversification in contemporary advertising media and methods by revising the Specific Screening Method for Advertising in an effort to ensure appropriate implementation.
In addition to complying with the Act against Unjustifiable Premiums and Misleading Presentations and other relevant laws, we will further strive to reassure customers about the accuracy of our advertising when they choose NTT Communications’ services.
* A council consisting of four telecommunications industry groups: the Telecommunications Carriers Association, Telecom Services Association, Japan Internet Providers Association, and Japan Cable and Telecommunications Association.
Awareness-raising Programs and Training for Thorough Compliance
To ensure thorough legal compliance and fair business activities, companies are required to implement awareness and training programs for employees and directors on an ongoing basis.
The NTT Communications Group provides annual compliance training to all employees and directors.
In fiscal 2018, our designated theme was “data falsification and doctoring,” which has become a social issue.
In addition to organizing conventional training for raising awareness of rules by emphasizing knowledge of laws and internal regulations, we began offering training that encourages employees to take appropriate action through mutual communication and support in situations that often lead to compliance violations.
We also actively conduct internal awareness programs by inviting entries for compliance slogans and regularly providing information via the internal website.
We attach great importance to surveys on corporate ethics because they allow us to gain a detailed understanding of employee views and attitudes over time.
In fiscal 2018, we conducted a survey targeting all Group employees and are seeking to enhance initiatives based on the results toward further raising compliance awareness across the entire Group.
In view of the growing importance of compliance in the supply chain, for example, ensuring legal compliance by subcontractors, we are bolstering our initiatives to raise employee awareness of securing compliance in subcontracting agreements.
We established the NTT Communications Group Hotline,which is accessible to all employees across the Group.Additionally, the NTT Group operates an external contact point for consultation and reporting, staffed by lawyers, to foster an open corporate culture.
In fiscal 2019, a total of 87 incidents related to the NTT Communications Group were reported through these two channels in Japan. The Compliance Office responded appropriately to the reports after investigating the facts and implemented the necessary actions to prevent recurrence.
◆ CSR Priority Activities
Respect for Human Rights
Promoting Human Rights Education
To create a rich corporate culture founded on respect for human rights, we laid out our Basic Policy on Human Rights Education in July 1999 to raise employee awareness.
Also, we set up the Human Rights Education Promotion Committee to firmly establish a corporate constitution that does not tolerate discrimination of any kind as well as to promote awareness of the issues. Guided by the NTT Group Human Rights Charter, established in 2014, the committee reports on human rights education activities and plans related measures.
Basic Policy on Human Rights Education
As a company that develops business on a global basis, NTT Communications places the utmost importance on solving human rights issues, including discrimination, as a part of its efforts to build a rich corporate culture that respects human rights.
As we strive to maintain a corporate constitution that does not tolerate any form of discrimination, we are working to find solutions to human rights and discrimination issues through every facet of our day-to-day business activities.
Corporate Constitution that Respects Human Rights
Placing the utmost importance on human rights, we seek to establish a corporate constitution that does not tolerate any form of discrimination and is intended to establish bright and vibrant workplaces. Our approach to preventing workplace harassment is based on the Rules for Preventing Harassment, established in May 2020 in accordance with the NTT Communications Group’s Basic Policy on Human Rights Education. In conjunction with the establishment of these rules, we organized a seminar on anger management, which was attended by around 200 people, including staff in charge of human rights education at all Group companies as well as full-time and temporary employees who had signed up voluntarily.
◆ NTT Communications Group Framework for Promoting Human Rights Education
Human Rights Due Diligence
To identify any negative impact our business activities may have on human rights, we exercise due diligence by conducting a potential impact assessment of risks using various related data as well as a potential impact assessment based on interviews with stakeholders on the results of the first assessment.
In concrete terms, we conduct human rights management surveys in collaboration with NTT to grasp priority issues, designate priority themes for the NTT Group, and plan and implement action plans that address the designated human rights concerns.
Measures for Raising Human Rights Awareness
Companies have recently been subject to growing public demand for creating human rights protection frameworks that are closely aligned with the nature of each business. The NTT Communications Group is a global ICT provider, and a diverse array of full-time and temporary employees participate in our business operations. Accordingly, we promote respect for human rights with due consideration for diversity.
We have made it mandatory for all full-time and temporary employees of the NTT Communications Group to attend the All-Employee Human Rights Education Training sessions,designed to foster a heightened sense of awareness in eachand every employee.
We began the training session with a detailed explanation of measures implemented in June 2020 to prevent harassment in the workplace and introduced actual Company-related cases as well as human rights issues such as discrimination. In the area of corporate activity and human rights, we highlighted our efforts to address the SDGs and the UK Modern Slavery Act of 2015. We seek to ensure that employees remain conscious of these concerns in their daily operations by cultivating a broad understanding of harassment and intercultural communication, encouraging them to frequently review the NTT Group Human Rights Charter and NTT Communications Group’s Basic Policy on Human Rights Education, and widely disseminating information on our multiple contact points for consultation.
For new employee training for fiscal 2019, we implemented a program on LGBT issues based on the All-Employee Human Rights Education Training from the previous fiscal year, to provide an opportunity for employees to think for themselves.
In addition to training, we invite entries on human rights andcompliance slogans as an opportunity for each employee to consider the importance of this public concern.
In fiscal 2019, we received 9,174 entries from 4,174 people, comprising full-time and temporary employees at all Group companies, including overseas subsidiaries, and members of employees’ families.
We will continue to engage in various educational measures and foster respect for diversity and acceptance of differences toward creating brighter, more vibrant workplaces.
◆ Contact Points for Human Rights Issues
The NTT Communications Group has set up internal and external contact points for employees to consult on issues that arise in the workplace.
We also disseminate information through training sessions and email newsletters to raise awareness of the contact points among full-time and temporary employees.The contact points are absolutely committed to confidentiality and protecting the rights of individuals who seek consultation.
Respect for Human Rights in Content and Services
Internationally, companies are required not only to do their utmost to avoid infringing on human rights but also to take action from the standpoint of preventing complicity, which includes ensuring that any information they release does not contain any elements possibly encouraging violations and that no business partner responsible for providing services is or has been involved with an offender.
Accordingly, we are making an industry-wide effort to eliminate violence and pornography.
For example, we block the Internet access of our individual customers to websites containing such content. Moreover, we conduct procurement practices with due consideration for CSR when selecting suppliers.
Contributing to the Welfare of Children
Industry-wide Countermeasures against Child Pornography
Blocking child pornography on the Internet is an important issue that must be addressed, not only to protect the human rights of children but also to prevent children from falling victim to human rights abuses and to ensure the provision of a safe Internet environment. In particular, since the Japanese government launched a national campaign against child pornography in 2010, an ongoing private-public initiative has established a proactive system that includes the voluntary blocking of access to child pornography websites by Internet service providers. Under these circumstances, the NTT Communications Group joined other ISPs, search engine service providers, filtering service providers, and related businesses to form the Internet Content Safety Association(ICSA). The ICSA has been effectively compiling and managing information for forcibly blocking access to child pornography images and providing member companies with the list of addresses for websites that publish child pornography.
Specifically, the NTT Communications Group’s goo and OCN services restrict access based on child pornography website address lists provided by the ICSA. Individual ISPs have begun blocking child pornography images based on these lists as well. In response, NTT Resonant has implemented measures on the search engines it offers.
◆ CSR Priority Activities
Business Risk Management
We established the Business Risk Management Committee,chaired by the senior executive president and consisting of the heads of each organization, to develop a system and mechanisms for more effectively responding to major business risks that may affect our corporate management.
The risks were categorized into 25 items as of March 31,2020, and we have identified and addressed three as material risks for fiscal 2019. We adopted a mechanism in which the management status of material risks is monitored throughaudits, sorted our risk-related operations, and boosted efficiency. Every year, we ask each organization to identify the risks and review and revise their policies and measures for addressing risks. Furthermore, we ask the heads of each organization, including directors, for a self-evaluation on the status of organizational risk management, confirmation that no risks have been overlooked, and operational audits of the status of each organization’s measures against risk. We have extended these activities to principal Group companies in Japan to promote risk management throughout the Group.
In the event that a material risk occurs, we will set up a Disaster (Accident)/Risk Response Headquarters, headed by the president or senior executive president, as needed in order to provide the structure for gathering accurate information and making effective decisions. Thereafter the Disaster Response Headquarters will take the lead in addressing the situation on the ground.
Since the Great East Japan Earthquake, we have seen growing public interest in crisis management for times of emergency, such as large-scale natural disasters. With a renewed awareness of our mission as a company responsible for maintaining social infrastructure through communication, we have strengthened our management structure to accelerate our response to contingencies and have sought to instill that awareness in all departments by ensuring strict adherence to manuals and organizing drills. Particularly since fiscal 2013,we have laid out an operational plan to prepare against a pandemic in compliance with the Act on Special Measures for Preparedness and Response against Pandemic Influenza and New Infectious Diseases, and we are currently formulating a related concrete business continuity plan. In response to the COVID-19 pandemic, we have taken the following measures.
- ・ Set up a Disaster Response Headquarters headed by thepresident
- ・ Established our operational policy based on guidelines published by the Telecommunications Carriers Association and other entities
- ・ In line with our responsibilities as a designated public institution, we sought to secure telecommunications
through operations such as monitoring networks,repairing equipment, and opening communication lines.
We also sought to protect people’s lives and health by taking appropriate actions against infection.
Furthermore, to comply with Japan’s Disaster Countermeasures Basic Act and Act on Measures for Protecting Japanese Nationals in Armed Attack and Other Situations, we have established and publicly disclosed our Operational Plan for Disaster Prevention and Operational Plan for the Protection of Japanese Nationals in order to fulfill our responsibility as a designated public institution.
In accordance with the new Companies Act, enacted in May 2006 and revised in May 2015, we have drawn up basic policies for establishing a system of internal controls for the entire NTT Group. Concurrently, as a member of the NTT Communications Group, the Board of Directors resolved to implement the measures necessary for the system.
We are also working to reinforce and upgrade internal controls over financial reporting in line with the requirements of the Financial Instruments and Exchange Act, enacted in June 2006.
Basic Approach for Maintaining an Internal Control System
- In maintaining a system of internal controls for complying with laws and regulations, managing any risk from losses and carrying out proper and efficient business operations, NTT Communications takes a variety of measures to prevent and minimize loss.
- NTT Communications has established Internal Auditing to maintain and assess effectiveness with regard to operational status of the above system of internal controls.
As a monitoring organization, the department is responsible for regular audits and special audits of high-risk areas common to the NTT Group, in keeping with the standardized auditing criteria of NTT.
The necessary improvements are made following assessments of system effectiveness.
- NTT Communications will cooperate with NTT and take appropriate measures to ensure the reliability of its system of internal controls for financial reporting under Japan’s Financial Instruments and Exchange Law.
- The president is responsible for ensuring the development and implementation of the system of internal controls.
- We will take all necessary steps to comply with NTT’s Basic Policies Concerning the Maintenance of Internal Control Systems.
At NTT Communications, Internal Auditing takes the lead in conducting internal audits of internal organizations and Group companies, with an emphasis on business risks. Through the audits, we seek to reduce and prevent the manifestation of management risks while also proposing operational improvements to enhance the corporate value of the entire NTT Communications Group. In fiscal 2019, we began continuous risk monitoring with CAAT* and organized various training events to develop the data analysis skills of internal auditors while also doubling the number of certified internal auditors. Furthermore, we will accelerate and intensify our drive to reform our internal auditing functions to bolster risk control and operational efficiency.
* Computer-assisted audit techniques that utilize big data
◆ CSR Priority Activities
Ensuring Information Security
The NTT Communications Security Declaration has been our basic policy for conducting business based on our belief that adhering to strict security management standards will lead to improving security and delivering benefit to our customers.
NTT Communications Security Declaration
Our most important mission, in addition to protecting information that is vital to our customers and providing services they know are safe, is contributing to an enhancement of our customers’ security system.
We regard security as our top priority in providing services to our customers, and we pledge to work with them to achieve an optimum security system. We will do our utmost to ensure security in all phases of the value chain from technology and service development to establishment and operation. Furthermore, as ICT professionals, each one of us will raise our capabilities to respond to security-related issues.
- We regard security as our top priority in providing services to our customers, and we will do our utmost to enhance their security.
- As an ICT solution partner entrusted with our customers’ vital information, we will work with them at all times to ensure their security.
- Business partners and contract employees are also important supporting members of NTT Communications. We will therefore collectively strive to ensure our own security.
Protection of Customer Information and Personal Information
We operate in strict compliance with laws and regulations as well as the Ministry of Internal Affairs and Communications’guidelines relating to the protection of personal information.
In situations in which we subcontract the handling of customer personal information, we select subcontractors that meet the standards for handling customer information.
In 2002, we obtained the Information Security Management Systems (ISMS) certification*1, primarily for our corporate sales and maintenance divisions, and the PrivacyMark certification*2 in 2004. Furthermore, to comply with the General Data Protection Regulation, enacted in the European Union in May 2018, we revised internal rules, confirmed the conditions for providing service, established Standard Data Protection Clauses, and organized training for employees.
We continue to protect our customers’ information and personal data so they can utilize our services without concern.
*1 A screening and certification system for assessing whether an information security management system conforms to JIS Q 27001 (ISO/IEC 27001)standards.
*2 A registered trademark granted for use by companies that have been certified by the Japan Information Processing Development Corporation as having established a system for appropriately protecting personal information in compliance with Japanese Industrial Standard JIS Q 15001 requirements for personal information management systems.
Raising Workplace Awareness and Providing Thorough Training
Having positioned “Ensuring Information Security” as a key focus of our management foundation (governance) in the field of CSR activities, we have consistently pursued our initiatives by setting CSR KPIs, which encompass a wide range of activities such as strengthening the reliability of our information handling processes, obtaining and maintaining ISMS certification, and conducting security surveys.
Furthermore, we provide training for employees in order to raise workplace awareness as a critical responsibility for an ICT enterprise.
As an entity working to sustain a safe and secure networked society, NTT Communications will accelerate the pace of its ongoing initiatives, including those at overseas Group companies.
◆ Information Security Training Attendance
Information Security Management Structure
We have established common benchmarks on information security management for our operations in Japan and overseas, based on the requirements of ISO/IEC 27001, the international standard for ISMS. Also, we are enhancing the Group’s information security governance through ongoing management activities aimed at raising the standard of our initiatives, centered on regular monitoring of compliance and corrective action.
Specifically, the Security Management Office under the Chief Security Officer does the following.
1. Formulates rules and standards and educates all employees to raise their awareness
2. Draws up and implements Companywide information security policies
3. Monitors compliance with information security regulations and takes any necessary corrective action
4.Ensures a unified response to information security incidents
In fiscal 2019, we implemented major initiatives, led by the information security department (NTT Com-SIRT).
We addressed software vulnerabilities and continued to apply the WideAngle comprehensive risk-management service to IT systems throughout the Company to reduce security risks.
We also sought to enhance the level of our security risk management through initiatives that included the implementation of centralized management over Companywide IT systems using the platform for distributing information on vulnerability assessments.
◆ Security Management Framework
* In May 2021, we set out a new Sustainability Policy as an upgrade to the Fundamental CSR Policy. CSR priority areas, priority activities and achievements thereof, targets, and other items shown in this website are linked to the former Fundamental CSR Policy.