Continuous Strengthening of Corporate Governance
As we continue to provide global ICT services that have become embedded in social infrastructure, we must ensure that our management foundation covers all the required elements, which are diverse.
They include an efficient and nimble business organization, an open corporate culture, and a risk management system capable of flexibly responding to emergencies such as accidents and natural disasters.
At the NTT Communications Group, we take a thorough, Group-wide approach to ensuring efficient governance and solid compliance in order to continue contributing to the development of a sustainable society.
In recent years in particular, we have been working diligently to prevent and thwart cybercrime, which has become a serious social problem.
◆ CSR Priority Activities
Corporate Governance Structure
NTT Communications has adopted a governance structure based on a system of Board of Directors and Board of Corporate Auditors to bolster its governance functions.
The Board of Directors comprises 18 members and is chaired by the president. In principle, it meets once a month to make key management decisions in compliance with laws and regulations, the Articles of Incorporation, and the Board of Directors’ rules.
The Board of Corporate Auditors comprises three auditors.
In addition to attending important meetings such as those of the Board of Directors, they hold meetings of the Board of Corporate Auditors to audit the execution of directors’ duties with an emphasis on confirming the legality and appropriateness of management decisions.
A dedicated organization and staff facilitates efficient audit operations.
The corporate auditors seek to strengthen the audit structure by periodically sharing information on audit plans and results with accounting firms and relevant parties to maintain close cooperation.
◆ Corporate Governance Structure
Directors are appointed with the expectation that they will utilize their extensive knowledge and insight in their respective fields.
Compliance Promotion Framework
In view of the growing awareness of compliance, the NTT Communications Group goes well beyond merely adhering to laws and ordinances.
We engage in our daily operations in accordance with high standards of corporate ethics to retain the trust of all stakeholders, including customers, business partners, shareholders, and society as a whole.
We have created a system to promote compliance with our fiscal 2002 launch of the Compliance Committee, chaired by the director in charge of compliance, and by assigning compliance promotion leaders and staff to each unit.
With the ongoing globalization of the Group’s business, compliance risks have become increasingly complex and global in nature.
In response, we formulated Global Compliance Regulations in July 2015 as a common compliance policy for Group companies in Japan and overseas.
We have been promoting compliance management across the Group through disseminating top management messages, training employees, and conducting internal audits to confirm and improve ongoing initiatives at each Group company.
Looking ahead, even as we respond to the evolving business environment, management and all Group employees will engage in ethical business practices and seek to strengthen the Group’s compliance system worldwide.
Initiatives for Preventing Corruption
To prevent corruption, including bribery and bid-rigging, NTT Communications adheres to the National Public Service Ethics Code and formulates and operates guidelines and manuals for preventing bribery of foreign public officials.
To clarify the appropriate measures we have in place against bribery, we abolished our guidelines on preventing bribery of foreign officials in August 2017 and formulated anti-bribery guidelines as well as detailed rules under the Global Compliance Regulations.
We also formulated similar guidelines for Group companies to prevent corruption throughout the Group.
In addition, prevention of corruption has been incorporated into reference materials used in our compliance training to remind employees of the associated risks.
Telecommunication services such as the Internet and mobile phones represent lifelines for our customers.
Moreover, these areas are undergoing rapid technological innovation in which the content, providers, and contracts related to services used by customers are becoming increasingly sophisticated, diverse, and complex.
For this reason, we must provide customers with appropriate information and produce advertisements that are readily understood.
To earn customer trust, NTT Communications adheres to the Voluntary Standards and Guidelines on Advertisement of Telecom Services, established by the Telecom Services Promotion Conference*, so that customers can safely choose and use our services. We also strive to convey proper, easily understood information to customers by adhering to our internal Rules on Advertising and following the basic principles Initiatives for Preventing Corruption Appropriate Advertising of complying with the Act against Unjustifiable Premiums and Misleading Presentations as well as associated laws, regulations, and guidelines.
In concrete terms, we have established operational procedures to ensure compliance with prevailing laws and regulations, which includes setting up a screening system for advertising and designating leaders in each department who conduct voluntary screening. The Legal and Internal Audit Department is responsible for screening specific types of advertisements. In February 2019, we sought to address the diversification in contemporary advertising media and methods by revising the Specific Screening Method for Advertising in an effort to ensure appropriate implementation.
In addition to complying with the Act against Unjustifiable Premiums and Misleading Presentations and other relevant laws, we will further strive to reassure customers about the accuracy of our advertising when they choose NTT Communications’ services.
* A council consisting of four telecommunications industry groups: the Telecommunications Carriers Association, Telecom Services Association, Japan Internet Providers Association, and Japan Cable and Telecommunications Association.
Awareness-raising Programs and Training for Thorough Compliance
To ensure thorough legal compliance and fair business activities, companies are required to implement awareness and training programs for employees and directors on an ongoing basis.
The NTT Communications Group provides annual compliance training to all employees and directors.
In fiscal 2018, our designated theme was “data falsification and doctoring,” which has become a social issue.
In addition to organizing conventional training for raising awareness of rules by emphasizing knowledge of laws and internal regulations, we began offering training that encourages employees to take appropriate action through mutual communication and support in situations that often lead to compliance violations.
We also actively conduct internal awareness programs by inviting entries for compliance slogans and regularly providing information via the internal website.
We attach great importance to surveys on corporate ethics because they allow us to gain a detailed understanding of employee views and attitudes over time.
In fiscal 2018, we conducted a survey targeting all Group employees and are seeking to enhance initiatives based on the results toward further raising compliance awareness across the entire Group.
In view of the growing importance of compliance in the supply chain, for example, ensuring legal compliance by subcontractors, we are bolstering our initiatives to raise employee awareness of securing compliance in subcontracting agreements.
We established the NTT Communications Group Hotline, which is accessible to all employees across the NTT Communications Group.Additionally, the NTT Group operates an external contact point for consultation and reporting, staffed by lawyers, to foster an open corporate culture.
In fiscal 2018, a total of 76 incidents, all in Japan, were reported through these two channels that were related to the NTT Communications Group.
The Compliance Office responded appropriately to these reports after investigating the facts and implemented the necessary actions to prevent recurrence.
Respect for Human Rights
Promoting Human Rights Education
To create a rich corporate culture founded on respect for human rights, we laid out our Basic Policy on Human Rights Education in July 1999 to raise employee awareness.
Also, we set up the Human Rights Education Promotion Committee to firmly establish a corporate constitution that does not tolerate discrimination of any kind as well as to promote awareness of the issues. Guided by the NTT Group Human Rights Charter, established in 2014, the committee reports on human rights education activities and plans related measures.
Basic Policy on Human Rights Education
As a company that develops business on a global basis, NTT Communications places the utmost importance on solving human rights issues, including discrimination, as a part of its efforts to build a rich corporate culture that respects human rights.
As we strive to maintain a corporate constitution that does not tolerate any form of discrimination, we are working to find solutions to human rights and discrimination issues through every facet of our day-to-day business activities.
Corporate Constitution that Respects Human Rights
Placing the utmost importance on human rights, we seek to establish a corporate constitution that does not tolerate any form of discrimination and is intended to establish bright and vibrant workplaces.
◆ NTT Communications Group Framework for Promoting Human Rights Education
Human Rights Due Diligence
To identify any negative impact our business activities may have on human rights, we exercise due diligence by conducting a potential impact assessment of risks using various related data as well as a potential impact assessment based on interviews with stakeholders on the results of the first assessment.
In concrete terms, we conduct human rights management surveys in collaboration with NTT to grasp priority issues, designate priority themes for the NTT Group, and plan and implement action plans that address the designated human rights concerns.
In fiscal 2018, we conducted hearings with NGOs working on issues related to business and human rights in regions that were associated with relatively high risks in our potential impact assessment.
We also held dialogues with local Group companies on policies for addressing human rights issues, whether they had the necessary system in place for identifying such issues, and their relevance to local operations.
Furthermore, we organized multiple seminars by experts in the field to encourage employees of NTT and NTT Communications to understand the relationship between their work and human rights.
Measures for Raising Human Rights Awareness
Companies have recently been subject to growing public demand for creating frameworks for protecting human rights that are closely aligned with the nature of each business.
The NTT Communications Group is a global ICT provider, and a diverse array of full-time and temporary employees participate in our business operations. Accordingly, we promote respect for human rights with due consideration for diversity.
We have made it mandatory for all full-time and temporary employees of the NTT Communications Group to attend the All-Employee Human Rights Education Training sessions, designed to foster a heightened sense of awareness within each and every employee. In fiscal 2018, we sought to enhance the training by including LGBT issues alongside other general topics to create an opportunity for employees to think for themselves. We also shared more examples of our response to concerns such as the UK Modern Slavery Act of 2015.
We will seek to ensure that employees remain conscious of these concerns in their daily operations by encouraging them to frequently review the NTT Group Human Rights Charter and NTT Communications Group’s Basic Policy on Human Rights Education and by widely disseminating information on our multiple contact points for consultation.
In addition to training, we invite entries on human rights and compliance slogans as an opportunity for each employeeto consider the importance of this public concern.
In fiscal 2018, we received 13,736 entries from 7,187 people, comprising full-time and temporary employees at all Group companies, including overseas subsidiaries and members of employees’ families.
We will continue to engage in various educational measures and foster respect for diversity and acceptance of differences toward creating brighter, more vibrant workplaces.
Contact Points for Human Rights Issues
◆ The NTT Communications Group has set up internal and external contact points for employees to consult on issues that arise in the workplace.
We also disseminate information through training sessions and email newsletters to raise awareness of the contact points among full-time and temporary employees.The contact points are absolutely committed to confidentiality and protecting the rights of individuals who seek consultation.
Respect for Human Rights in Content and Services
Internationally, companies are required not only to do their utmost to avoid infringing on human rights but also to take action from the standpoint of preventing complicity, which includes ensuring that any information they release does not contain any elements possibly encouraging violations and that no business partner responsible for providing services is or has been involved with an offender.
Accordingly, we are making an industry-wide effort to eliminate violence and pornography.
For example, we block the Internet access of our individual customers to websites containing such content. Moreover, we conduct procurement practices with due consideration for CSR when selecting suppliers.
Business Risk Management
We established the Business Risk Management Committee, chaired by the senior executive president and consisting of the heads of each organization, to develop a system and mechanisms for more effectively responding to major business risks that may affect our corporate management.
We reorganized the system in fiscal 2010, identifying 25 material risk items in our Risk Definition Report and adopting a mechanism in which the management status of material risks is monitored through audits. At the same time, we sorted out our risk-related operations and boosted efficiency. Since then, we have continuously requested that each organization identify the risks as well as review and revise their policy and measures for addressing risks.
Furthermore, we ask the heads of each organization, including directors, for a self-evaluation on the status of organizational risk management, confirmation that no risks have been overlooked, and operational audits of the status of each organization’s measures against risk. We have extended these activities to principal Group companies in Japan to promote risk management throughout the Group.
In the event that a material risk occurs, we will set up a Disaster (Accident)/Risk Response Headquarters headed by the president or senior executive president as needed in order to provide the structure for gathering accurate information and making effective decisions.
In the aftermath of the Great East Japan Earthquake, we have seen growing public interest in crisis management for times of emergency, such as large-scale natural disasters.
With a renewed awareness of our mission as a company responsible for maintaining social infrastructure through communication, we have strengthened our management structure to accelerate our response to contingencies and have sought to instill that awareness in all departments by ensuring strict adherence to manuals and organizing drills.
Particularly since fiscal 2013, we have laid out an operational plan to prepare against a pandemic in compliance with the Act on Special Measures for Preparedness and Response against Pandemic Influenza and New Infectious Diseases, and we are currently formulating a related concrete business continuity plan.
Furthermore, to comply with Japan’s Disaster Countermeasures Basic Act and Act on Measures for Protecting Japanese Nationals in Armed Attack and Other Situations, we have established and publicly disclosed our Operational Plan for Disaster Prevention and Operational Plan for the Protection of Japanese Nationals in order to fulfill our responsibility as a designated public institution.
In accordance with the new Companies Act, enacted in May 2006 and revised in May 2015, we have drawn up basic policies for establishing a system of internal controls for the entire NTT Group. Concurrently, as a member of the NTT Communications Group, the Board of Directors resolved to implement the measures necessary for the system.
We are also working to reinforce and upgrade internal controls over financial reporting in line with the requirements of the Financial Instruments and Exchange Act, enacted in June 2006.
Basic Approach for Maintaining an Internal Control System
- In maintaining a system of internal controls for complying with laws and regulations, managing any risk from losses and carrying out proper and efficient business operations, NTT Communications takes a variety of measures to prevent and minimize loss.
- NTT Communications has established Internal Auditing to maintain and assess effectiveness with regard to operational status of the above system of internal controls.
As a monitoring organization, the department is responsible for regular audits and special audits of high-risk areas common to the NTT Group, in keeping with the standardized auditing criteria of NTT.
The necessary improvements are made following assessments of system effectiveness.
- NTT Communications will cooperate with NTT and take appropriate measures to ensure the reliability of its system of internal controls for financial reporting under Japan’s Financial Instruments and Exchange Law.
- The president is responsible for ensuring the development and implementation of the system of internal controls.
- We will take all necessary steps to comply with NTT’s Basic Policies Concerning the Maintenance of Internal Control Systems.
At NTT Communications, the Legal and Internal Audit Department conducts internal audits of Group companies, including internal organizations, with an emphasis on business risks.
Through the audits, we seek to reduce and prevent the manifestation of management risks at individual organizations and Group companies while proposing operational improvements to enhance the corporate value of the entire NTT Communications Group. In fiscal 2018, we sought to further enhance the quality of our internal audits by undergoing an external quality assessment based on international standards and conducted by the Institute of Internal Auditors. In light of the observations gained from the assessment, we will review our operational processes and utilize CAAT* to accelerate and intensify our drive to reform our internal auditing functions to bolster risk control and operational efficiency.
* Computer-assisted audit techniques that utilize big data
Ensuring Information Security
The NTT Communications Security Declaration has been our basic policy for conducting business based on our belief that adhering to strict security management standards will lead to improving security and delivering benefit to our customers.
NTT Communications Security Declaration
Our most important mission, in addition to protecting information that is vital to our customers and providing services they know are safe, is contributing to an enhancement of our customers’ security system.
We regard security as our top priority in providing services to our customers, and we pledge to work with them to achieve an optimum security system. We will do our utmost to ensure security in all phases of the value chain from technology and service development to establishment and operation. Furthermore, as ICT professionals, each one of us will raise our capabilities to respond to security-related issues.
- We regard security as our top priority in providing services to our customers, and we will do our utmost to enhance their security.
- As an ICT solution partner entrusted with our customers’ vital information, we will work with them at all times to ensure their security.
- Business partners and contract employees are also important supporting members of NTT Communications. We will therefore collectively strive to ensure our own security.
Protection of Customer Information and Personal Information
We operate in strict compliance with laws and regulations as well as the Ministry of Internal Affairs and Communications’guidelines relating to the protection of personal information.
In situations in which we subcontract the handling of customer personal information, we select subcontractors that meet the standards for handling customer information.
In 2002, we obtained the Information Security Management Systems (ISMS) certification*1, primarily for our corporate sales and maintenance divisions, and the PrivacyMark certification*2 in 2004. Furthermore, to comply with the General Data Protection Regulation, enacted in the European Union in May 2018, we revised internal rules, confirmed the conditions for providing service, established Standard Data Protection Clauses, and organized training for employees.
We continue to protect our customers’ information and personal data so they can utilize our services without concern.
*1 A screening and certification system for assessing whether an information security management system conforms to JIS Q 27001 (ISO/IEC 27001)standards.
*2 A registered trademark granted for use by companies that have been certified by the Japan Information Processing Development Corporation as having established a system for appropriately protecting personal information in compliance with Japanese Industrial Standard JIS Q 15001 requirements for personal information management systems.
Raising Workplace Awareness and Providing Thorough Training
Having positioned “Ensuring Information Security” as a key focus of our management foundation (governance) in the field of CSR activities, we have consistently pursued our initiatives by setting CSR KPIs, which encompass a wide range of activities such as strengthening the reliability of our information handling processes, obtaining and maintaining ISMS certification, and conducting security surveys.
Furthermore, we provide training for employees in order to raise workplace awareness as a critical responsibility for an ICT enterprise.
As an entity working to sustain a safe and secure networked society, NTT Communications will accelerate the pace of its ongoing initiatives, including those at overseas Group companies.
◆ Information Security Training Attendance
Information Security Management Structure
We have established common benchmarks on information security management for our operations in Japan and overseas, based on the requirements of ISO/IEC 27001, the international standard for ISMS. Also, we are enhancing the Group’s information security governance through ongoing management activities aimed at raising the standard of our initiatives, centered on regular monitoring of compliance and corrective action.
Specifically, the Security Management Office under the Chief Security Officer does the following.
1. Formulates rules and standards and educates all employees to raise their awareness
2. Draws up and implements Companywide information security policies
3. Monitors compliance with information security regulations and takes any necessary corrective action
4.Ensures a unified response to information security incidents
In fiscal 2018, we implemented major initiatives, led by the information security department (NTT Com-SIRT).
We addressed software vulnerabilities and continued to apply the WideAngle comprehensive risk-management service to IT systems throughout the Company to reduce security risks.
We also sought to enhance the level of our security risk management through initiatives that included the implementation of centralized management over Companywide IT systems using the platform for distributing information on vulnerability assessments.