JR East Rail Car Technology & Maintenance anticipates possible risks associated with its business,
and takes measures to prevent occurrence or minimize damage when risks occur.
Risk Management
The purpose of risk management is to respond appropriately to various management risks that may affect the company’s business operations in order to fulfill its social responsibilities to customers and local communities.
In addition, in order to stabilize the management base of our company, we will strive to minimize the management loss and social impact in the event of an incident that may affect the management.
We have established the Risk Management Committee consisting of top management to operate the risk management control system company-wide, which smoothly carries out activities such as examining and deciding on basic important matters, including evaluating risk management and deciding on measures to be taken, and also promotes information sharing.
Specifically, we formulate and implement risk management plans, evaluate their performance and effectiveness, and continuously formulate and implement corrective and improvement measures as necessary.
Initiatives for Information Security
As an engineering company specialized in the field of railway rolling stock in relation with the railway business as part of the social infrastructure, we aim to satisfy and gain the trust of our customers through superior technology, products, and services. In maintaining sound corporate activities for this purpose, we ensure information security based on the recognition that it is essential to protect our information assets from various security threats.
JR East Group Information Security Basic Policy
In order to protect information assets from various threats, the JR East Group has formulated and complies with the JR East Group Information Security Basic Policy, and will continue to implement information security measures throughout the Group.
1. Compliance with Laws and Regulations
Officers and employees shall comply with laws, regulations, and other standards related to information security.
2. Establishment of Information Security Promotion System
Officers and employees shall clarify their responsibilities regarding information security and establish a system to implement measures.
3. Formulation of Related Regulations
Officers and employees shall establish and comply with internal regulations based on the Information Security Basic Policy.
4. Protection of Information Assets
Officers and employees shall take organizational, personnel, and technical measures to protect information assets from leakage, theft, loss, and damage.
5. Security Measures for Information System
Officers and employees shall implement security measures according to the characteristics of the information system and protect the system from unauthorized acts.
6. Response to Incidents and Accidents
In the unlikely event of an information security incident or accident, officers and employees shall promptly implement emergency measures, investigate the cause, and take permanent measures to prevent recurrence.
7. Management of Contractors
When outsourcing, officers and employees shall examine the eligibility of the contractor, conclude necessary contracts such as confidentiality agreements, and request the contractor to maintain the security level equivalent to or higher than that of our Group.
8. Education
Officers and employees shall work to improve their knowledge and awareness of information security, and provide continuous education to ensure that information assets are handled properly.
9. Continuous Maintenance and Improvement
Officers and employees shall monitor the implementation status of measures based on the Information Security Basic Policy and work on continuous maintenance and improvement.