A future in which the Company is trusted for its lofty ethics and
solid governance and develops a sustainable society for the future based on diverse co-creation.
As a corporate group that supports indispensable ICT infrastructure for society, we believe in pursuing sustainable business development with high ethical standards under a solid governance structure. In addition to showing respect for human rights, practicing thorough compliance, and enhancing risk management systems, we recognize that ensuring information security is a key mission that determines our reliability, and we therefore always focus on continuous quality improvement. We also seek to instill the same awareness among partners in our value chain, increase the trust of society and local communities through highly varied co-creation, and strive to create a sustainable society while steadfastly enhancing our corporate value.
◆ Priority Activities
Corporate Governance Structure
NTT Communications has adopted a governance structure based on a system of Board of Directors and Board of Corporate Auditors and has recently assigned outside directors to bolster its governance functions. The board comprises six members and is chaired by the president. In principle, it meets once a month to make key management decisions in compliance with laws and regulations, the Articles of Incorporation, and the Board of Directors’rules.
We have set up an Internal Audit Department at the head office to conduct annual internal audits by selecting audit items based on the results of risk assessment to minimize or prevent management risks and boost corporate value. The Board of Corporate Auditors comprises three auditors. In addition to attending important meetings such as those of the Board of Directors, they hold meetings of the Board of Corporate Auditors to audit the execution of directors’ duties with an emphasis on confirming the legality and appropriateness of management decisions. A dedicated organization and staff facilitate efficient audit operations. The corporate auditors conduct their audits in close cooperation with accounting firms and the Internal Audit Department by periodically sharing information on audit plans and results.
◆ Corporate Governance Structure
Directors are appointed with the expectation that they will utilize their extensive knowledge and insight in their respective fields.
◆ Priority Activities
Thorough Compliance and Risk Management
Under the NTT Group Corporate Ethics Policy, NTT Communications will not only adhere to laws and ordinances but will also engage in its daily operations with high ethical standards as a corporate group that retains the trust of all stakeholders, including customers, business partners, shareholders, and society as a whole. In accordance with our Global Compliance Regulations, we promote compliance under a framework comprising the Compliance Committee, with compliance promotion leaders and staff assigned to each unit and Group company. In addition, we consistently promote compliance management across the Group by disseminating top management messages, raising awareness and educating our employees, and operating points of contact for internal reporting.
To prepare ourselves against various risks that may arise from our business, including major disasters, the Business Risk Management Committee takes the lead in annually identifying risks as well as considering and revising our basic response and countermeasures to establish a system and framework for adequately addressing business risks associated with corporate management. Through these measures, we intend to increase sensitivity to risk across the Group and respond to risks that materialize while also developing a structure for addressing environmental and social risks in the future through a Groupwide effort.
Compliance Promotion Framework
The NTT Communications Group acts in accordance with the NTT Group Corporate Ethics Charter, established by its parentcompany Nippon Telegraph and Telephone Corporation and applied throughout the NTT Group. To address compliance issues in Japan and overseas that have become increasingly complex in nature, NTT Communications will not only adhere to laws and ordinances but will also engage in its daily operations with high ethical standards as a corporate group that retains the trust of all stakeholders, including customers,business partners, shareholders, and society as a whole.
◆ Framework of Important Internal Rules on Corporate Ethics
We have specifically established the Global Compliance Regulations as a standard compliance policy for the NTT Communications Group. We promote compliance under a framework comprising the Compliance Committee, chaired by a senior executive vice president, with compliance promotion leaders and staff assigned to each unit andGroup company. At the same time, we consistently promote compliance management across the NTT Communications Group by disseminating top management messages, trainingemployees, operating points of contact for internal reporting,and conducting internal audits to confirm and improve ongoing initiatives at each Group company.
The Compliance Committee consists of the heads of each unit of NTT Communications and presidents of each Group company and meets regularly every six months as a forum for sharing the status of reporting at internal points of contact and holding discussions on measures for establishing corporate ethics. The committee reports on the content of its discussions for each fiscal year to the Executive Council and Board of Directors of NTT Communications.
◆ Compliance Promotion Framework
Looking ahead, even as we respond to the evolving business environment, management and all Group employees will engage in ethical business practices and seek to strengthen the Group’s compliance system worldwide.
Awareness-raising Programs and Training for Thorough Compliance
To ensure thorough legal compliance and fair business activities, companies are required to implement ongoing awareness and training programs for employees and directors.
The NTT Communications Group is actively pursuing internal awareness-raising activities through various programs including compliance training, and by conducting employee awareness surveys on corporate ethics, inviting entries for compliance slogans, and regularly providing information via the internal website.
Initiatives for Preventing Corruption
To ensure compliance with the prevailing laws and regulations in Japan and overseas on preventing corruption, including bribery and bid-rigging, NTT Communications adheres to the Anti-Bribery Handbook compiled by its parent company Nippon Telegraph and Telephone Corporation, as well as its own internal rules, to prevent corruption.
We have stipulated detailed rules against bribery as well as prevention guidelines under the Global Compliance Regulations to clearly demonstrate we have proper measures in place to combat this concern, and we are determined to stringently address specific acts of bribery such as facilitation payments. As part of our Groupwide effort to prevent corruption, we follow procedures in various countries with regard to prior approval in cases where providing benefits to public officials are tolerated under law and confirm the eligibility of agents hired to execute our operations. We also include prevention of corruption as a topic in our compliance training in an ongoing effort to raise awareness.
Telecommunication services such as the Internet and smartphones represent lifelines for our customers. Moreover,these areas are undergoing rapid technological innovation in which the content, providers, and contracts related to services used by customers are becoming increasingly sophisticated and diverse. For this reason, we must provide customers with appropriate information and produce advertisements that are readily understood.
We ensure our advertising is conducted ethically by adhering to our internal Rules on Advertising and following the basic principles of complying with the Act against Unjustifiable Premiums and Misleading Presentations as well as associated laws, regulations, and guidelines. In addition, we practice established operational procedures, including an accountability system related to advertisements and a screening system for advertising, to convey appropriate and easy-to-understand information to customers. To earn customer trust, NTT Communications also adheres to the Voluntary Standards and Guidelines on Advertisement of Telecom Services, established by the Telecom Services Promotion Conference*, so that customers can safely choose and use our services.
* A council consisting of four telecommunications industry groups: the Telecommunications Carriers Association, Telecom Services Association, Japan Internet Providers Association, and Japan Cable and Telecommunications Association.
Initiatives on AI Ethics
Accompanying the rapid progress in technology, AI has spread through incorporation into products and service functions, while concrete applications of AI are being promoted in various areas. On the other hand, ethical concerns over AI-based evaluation and judgment, such as the potential for discrimination and prejudice, have also materialized.
In view of our pursuit of businesses such as SmartWorld and B2B2X, we formulated and began implementing the NTT Communications Group Basic Policy on AI in April 2021 with the objective of ensuring sound and reliable use of AI founded on an understanding of its possibilities and its inherent risks.
The NTT Group has established a common external contact point for consultation and reporting operated by a law firm for all Group companies. The Group has also set up its own hotline for reporting and consulting on compliance issues and a contact point for consulting on human rights issues.We are fostering an open corporate culture by creating an environment that encourages employees to seek consultation and by swiftly and appropriately responding to their concerns and reports.
Business Risk Management
The basic elements of risk management are defined in the Risk Management Rules we established to achieve sustainable corporate growth by anticipating and preventing the occurrence of potential risks that exist in and around our business and by minimizing any loss in the event they materialize. As a system and mechanism for effectively addressing major risks that may affect our business management, we set up the Business Risk Management Committee, chaired by the senior executive president, to construct and implement a PDCA cycle for risk management.
The heads of units and presidents of Group companies comprising the Business Risk Management Committee meet twice a year to address the changing business environment by defining risks that require action, identifying material risks, and discussing issues such as initiatives for promoting risk management. In fiscal 2020, the committee identified 26 risk items by focusing on the current status of internal and external risks as well as their impact and scope. The risk items were also assessed according to their assumed frequency of occurrence and impact. As a result, the COVID-19 pandemic and information security were identified and addressed as material risks.
Each risk item, including material risks, is handled by a Business Risk Management Subcommittee consisting of the relevant units that meet each month to implement a practical PDCA cycle for risk management by examining and analyzing the occurrence of risks and discussing countermeasures.
The subcommittee presents a quarterly report on the status of its response to the Executive Council. Operational audits are conducted to confirm the status of each unit’s measures against risk, and similar activities are extended to principal Group companies in Japan to promote risk management throughout the Group.
Since the Great East Japan Earthquake, we have seen growing public interest in crisis management for times of emergency, such as large-scale natural disasters. With a renewed awareness of our mission as a company responsible for maintaining social infrastructure through communication, we have strengthened our management structure to accelerate our response to contingencies and have sought to instill that awareness in all departments by ensuring strict adherence to manuals and organizing drills. In the event that a material risk occurs, we will set up a Disaster (Accident)/Risk Response Headquarters, headed by the president or senior executive president, as needed in order to provide the structure for gathering accurate information and making effective decisions. Thereafter the Disaster Response Headquarters will take the lead in addressing the situation on the ground.
In July 2021, we established the Supply Chain BCP Guidelines to strengthen business continuity across the entire supply chain. We are working to ensure stable procurement with the cooperation of our suppliers.
Since fiscal 2013, we have laid out an operational plan to prepare against a pandemic in compliance with the Act on Special Measures for Preparedness and Response against Pandemic Influenza and New Infectious Diseases, and we are currently formulating a related concrete business continuity plan.
In accordance with the new Companies Act, enacted in May 2006 and revised in May 2015, we have drawn up basic policies for establishing a system of internal controls for the entire NTT Group. Concurrently, as a member of the NTT Communications Group, the Board of Directors resolved to implement the measures necessary for the system. We are also working to reinforce and upgrade internal controls over financial reporting in line with the requirements of the Financial Instruments and Exchange Act, enacted in June 2006.
Basic Approach for Maintaining an Internal Control System
- 1. In maintaining a system of internal controls for complying with laws and regulations, managing any risk from losses and carrying out proper and efficient business operations, NTT Communica-tions takes a variety of measures to prevent and minimize loss.
- NTT Communications has established the Legal and Internal Audit Department to maintain and assess effectiveness with regard to operational status of the above system of internal controls. As a monitoring organization, the department is responsible for regu-lar audits and special audits of high-risk areas common to the NTT Group, in keeping with the standardized auditing criteria of NTT.
The necessary improvements are made following assessments of system effectiveness.
- NTT Communications will cooperate with NTT and take appropri-ate measures to ensure the reliability of its system of internal con-trols for financial reporting under Japan’s Financial Instruments and Exchange Law.
- The president is responsible for ensuring the development and implementation of the system of internal controls.
- We will take all necessary steps to comply with NTT’s Basic Policies Concerning the Maintenance of Internal Control Systems.
At NTT Communications, Internal Auditing plans to achieve its goal of implementing audits that benefit management by taking the lead in conducting internal audits of internal organizations and Group companies, with an emphasis on business risks. Through the audits, we seek to reduce and prevent the manifestation of management risks while also proposing operational improvements to enhance the corporate value of the entire NTT Communications Group.
◆ Priority Activities
Enhancing Value Chain Partnerships
To establish a procurement system worthy of our customers’ trust, we will manage our entire supply chain based on high ethical standards by promoting and strengthening CSR among suppliers of the NTT Communications Group. To that end, we established the Guidelines for CSR in Supply Chain for the purpose of creating a system based on the concept of CSR procurement, which requires suppliers to thoroughly consider issues on humanitarian and environmental as well as social grounds. At the same time, we will endeavor to develop mutual understanding and relationships of trust with our suppliers.
Furthermore, we will strive to enhance our partnerships to adequately gauge and address the impact of our business activities on the value chain and meet the varied requirements and expectations of society by maintaining a dialogue with our stakeholders toward realizing business activities founded on their trust.
◆ Summary of Guidelines for CSR in Supply Chain
|Human Rights, Labor||
・Prohibition of forced labor and child labor
・Respect for the right to organize and conduct collective bargaining
|Health and Safety||
・Workplace safety measures
・Measures targeting occupational injury and illnesses
・Management of hazardous chemicals
・Effective use of resources and energy
|Fair Trade and Ethics||
・Prevention of corruption and bribery
・Respect for intellectual property rights
|Quality and Safety||
・Ensuring product safety
・Creation of a quality management system
・Prohibition of leaks of personal information
・information system protection measures
・Business continuity management system
・Preparedness for the risk of supply disruptions
◆ Procurement Policies
- NTT Communications will strive to provide competitive opportunities with fairness to both domestic and foreign suppliers, and to build mutual trust and understanding.
- NTT Communications will conduct economically rational procurement of competitive goods and services that meet its business needs, deciding suppliers based on quality, price, delivery times and stable supply in a comprehensive manner.
- NTT Communications will conduct procurement in a manner that follows laws and regulations as well as social norms, and takes the environment, human rights and other issues into account to contribute to society.
Promoting CSR Procurement
We have formulated the Guidelines for CSR in Supply Chain, which encourage procurement policies for respecting human rights and protecting the environment, ensure the quality and safety of products and services, and recognize the overall needs of society. When selecting and entering into agreements with new business partners, we seek compliance with our CSR policy in addition to credit screening criteria, which include confirming corporate initiatives on human rights and labor issues. We also incorporated a clause requiring compliance with the Guidelines for CSR in Supply Chain into each order form, which suppliers are obligated to use. When we determine that a company has failed to meet our criteria and thus represents a risk, we do not trade with them.
◆ Priority Activities
Continuously Strengthening Information Security
To address information security issues that are growing in sophistication and severity due to social trends such as advances in the remote world, we will continuously strengthen security governance and our cyber security measures. We are conducting information security audits and implementing cyber security measures in accordance with the ISO/IEC 27001 international standard for information security management systems to reinforce its governance across the Group. As ICT professionals, we will also focus on establishing environments that prevent the occurrence of personal information leakage by developing human resources capable of maintaining a seamless framework across information and operational technologies.
The NTT Communications Security Declaration has been our basic policy for conducting business based on our belief that adhering to strict security management standards will lead to improving security and delivering benefit to our customers.
NTT Communications Security Declaration
Our most important mission, in addition to protecting information that is vital to our customers and providing services they know are safe, is contributing to an enhancement of our customers’ security system. We regard security as our top priority in providing services to our customers, and we pledge to work with them to achieve an opti-mum security system. We will do our utmost to ensure security in all phases of the value chain from technology and service development to establishment and operation. Furthermore, as ICT professionals, each one of us will raise our capabilities to respond to security-relat-ed issues.
- We regard security as our top priority in providing services to our customers, and we will do our utmost to enhance their security.
- As an ICT solution partner entrusted with our customers’ vital information, we will work with them at all times to ensure their security.
- Business partners and contract employees are also important supporting members of NTT Communications. We will therefore collectively strive to ensure our own security.
Protection of Customer Information and Personal Information
We protect customer personal information in compliance with the relevant laws and regulations as well as guidelines published by the Ministry of Internal Affairs and Communications, operating under an effective system of information management to stringently implement our Customer Information Protection Rules, which define the basic elements of protecting customer information and personal data. When subcontracting the handling of customer personal information, we select subcontractors that meet the required standards.
In 2002, we obtained the Information Security Management Systems (ISMS) certification*1, primarily for our corporate sales and maintenance divisions, and the PrivacyMark certification*2 In fiscal 2020, we implemented security measures in terms of technology and management and in response to an incident involving unauthorized access to the SSL-VPN. Given the passing of Japan’s revised Personal Information Protection Law in June 2020, we began considering revision of our internal rules and reinforced implementation in tandem with initiatives being pursued by the Security Committee. We continue to protect our customers’ information and personal data so they can use our services without concern.
*1 A screening and certification system for assessing whether an information security management system conforms to JIS Q 27001 (ISO/IEC 27001) standards.
*2 A registered trademark granted for use by companies that have been certified by the Japan Information Processing Development Corporation as having established a system for appropriately protecting personal information in compliance with Japanese Industrial Standard JIS
Raising Workplace Awareness and Providing Thorough Training
Having positioned “Ensuring Information Security” as a key focus of our Sustainability Priority Area in which we seek continuous strengthening of corporate governance, we have consistently pursued our initiatives by setting KPIs. These encompass a wide range of activities such as strengthening the reliability of our information handling processes, obtaining and maintaining ISMS certification, and conducting security surveys. Additionally, we provide training for employees in order to raise workplace awareness as a critical responsibility for an ICT enterprise.
As an entity working to sustain a safe and secure networked society, NTT Communications will accelerate the pace of its ongoing initiatives, including those at Group companies
◆ Information Security Training Attendance
Information Security Management Structure
We set common targets on information security management for our operations in Japan and overseas, based on the requirements of ISO/IEC 27001. Specifically, we implement the following measures under the leadership of the chief information security officer (CISO): formulate rules and standards and educate all employees to raise their awareness, draw up and implement Companywide information security policies, monitor compliance with information security regulations and take any necessary corrective action, and ensure a unified response to information security incidents.
◆ Security Management Framework