Risk Management｜Corporate Governance｜｜About Us

For the purpose of promoting sound, highly transparent and efficient management, the Board of Directors will improve the systems concerning compliance, appropriateness of financial reporting, risk management and other matters, seeking more effective functions in the internal control system from the perspectives of group management, and supervise their operation status by utilizing the Internal Audit Department. In order to enhance the accuracy of internal control, we endeavor to minimize managerial risks by documenting and monitoring the details of the business operations of each group company, the assumed risks, and the countermeasures to them. The Representative Director & President has established the Risk Committee and the Information Security Committee inside the Sustainability Committee to control high-risk fields in management, thus improving the relevant business operations and preventing accidents at an early stage.
The Risk Committee prevents risks from occurring by evaluating and identifying serious risks concerning corporate management, such as business strategy, natural disasters, and infectious diseases, and by taking actions in advance. In the event of a crisis, we are prepared to immediately establish a separate “emergency task force” to act quickly and appropriately.

Examples of the major risks to be managed

1.Risks concerning business strategy

Risks	Examples of the major risks
1-1 Business environment	Intensified competition with industry peers and different industries Industrial reorganization and oligopoly through large-scale M&A
1-2 Applicable laws, regulations, etc.	Drastic reductions of drug prices and dispensing fees Revisions of applicable tax rules and accounting standards
1-3 Investments	Failure of investments in new stores Failure of M&A investments

2.Risks relating to natural disasters, infectious diseases, etc.

Risks	Examples of the major risks
2-1 Large-scale disasters	Stagnation of economic activities Suspension of business activities due to damage to stores, offices, systems and employees Damage to properties held and repair costs arising therefrom
2-2 Climate change	Damage to stores and facilities due to typhoons, heavy rains, etc. Introduction of a carbon tax, etc. due to the tightening of regulations
2-3 Infectious diseases	Stagnation of economic activities Self-restraint and suspension of business activities at stores Suspension of business activities due to infection of employees

3.Risks relating to corporate management

Risks	Examples of the major risks
3-1 Wrongdoing and accidents	Occurrence of serious mistakes in prescription dispensing Fraudulent activities by officers or employees Defective products, foreign substance mixing, and inappropriate labeling
3-2 Information security	System failures caused by accidents, defects, etc. Unauthorized invasion and/or access and virus infection from external networks Leakage of customer information
3-3 Human rights	Worsening of work environments and safety and health Acts of human rights violation (harassment and discriminatory practices, etc.)
3-4 Human assets	Shortage of managerial human resources Intensified competition for hiring capable human resources
3-5 Supply chain	Human rights and environmental issues concerning the supply chain Changes in purchase prices

Internal reporting system

For the purpose of preventing and correcting violation of laws and regulations or misconduct by organizations or individuals, SUGI Pharmacy Group has established a compliance consultation channel, enabling employees to seek consultation anonymously. The internal reporting system is operated in accordance with the internal rules, and reporting channels are established within the Group and in external law offices. In order to prohibit disadvantageous treatment of informants and increase the recognition and understanding of the abovementioned system, we have ensured that contact information for the system is displayed at our stores and offices and have also distributed the Compliance and Disaster Countermeasure Pocket Book. By such promotional activities, we endeavor to establish a sound reporting system.
The Internal Reporting System was renamed “Anything 115 Consultation Call Service for All Workplace Concerns” in FY 2021 to create an environment where employees feel able to use it more freely.

Personal information protection and enhanced information security

The SUGI Pharmacy Group works to strengthen the protection of personal information and information security in order to protect and prevent the leakage of personal information, customer information, and confidential information. By establishing the Information Security Basic Policy, the Group is taking various measures to prevent any unauthorized access from outside, virus infection, or data leakage. At the same time, we work to strengthen information security systems and educate employees appropriately.

Reinforcement of information security systems and education

Establish the Information Security Basic Policy
Inform employees of the Information Security Basic Policy and provide relevant education
Obtain certification from an external organization (ISMS)

Prevention of unauthorized access from outside

Install firewalls
Implement defense against unauthorized intrusion from websites
Prevent the receipt of virus-infected emails

Prevention of virus infection

Introduce anti-virus software
Apply security patches
Restrict communications with and browsing of websites

Prevention of data leakage

Prohibit the connection of PCs with external devices
Restrict access to customer information
Install security rooms and security cameras
Preserve logs of PC operations and email sending to strengthen the ability to investigate in the case of leakage and secure tracking trails

Information Security Basic Policy

The SUGI Pharmacy Group has been engaging in management to contribute to society by effectively utilizing assets and resources borrowed from society (people, things, money, information, etc.) and continuing to provide profits to society. To realize this, we understand that it is our top priority management issue to strengthen the information security of the entire Group by protecting our customers’ personal information and other information assets owned by us from various threats, including unauthorized access and cyberattacks. Based on this concept, the Group established the “Information Security Basic Policy.”
Going forward, we will endeavor to maintain and improve information security through compliance with and proper handling of the aforementioned policy and the “Handling of Personal Information (Privacy Policy)” by our officers and employees.

Click the website below for the Information Security Basic Policy

Conformance of information security management systems to standard requirements

The Sugi Pharmacy Group complies with the requirements of the ISO27001 standard in the following operations.
The Group will endeavor to strengthen and upgrade its responses in the areas of personal information protection and information security by receiving examinations by external organizations appropriately.

(1) Health guidance-related work
(2) Information management of point card members, incoming call handling, and management of incoming record creation
(3) Customer information analysis, purchase data analysis and sales operations, sales promotion and advertising-related tasks
(4) Recruitment and temporary staffing business, human resource consulting services
(5)Comprehensive e-commerce and logistics operations, integrated with health counseling services including professional referrals and product sales
(6)Planning, development, sales, and consulting for healthcare products and services, as well as pharmacy operations and professional consulting for pharmacists

JQA-IM1736
JQA-IM1863
JQA-IM1978
JQA-IM2081
JQA-IM2198

Certificate Number: JQA-IM1736

Organization：SUGIWELLNESS CO., LTD．

Scope of Registration:

Development and provision of health guidance service and information offering serviceand based on healthcare data
Development and provision of health guidance systems

Certificate Number: JQA-IM1863

Organization：Customer Support Center

Scope of Registration:

Incoming call handling and record preparation services
Managing the registration of and changes in point card members

Certificate Number: JQA-IM1978

Organization： Digital Sales Promotion Dept., Product Div., SUGI PHARMACY CO., LTD. Note: Registration amendment in progress. (Formerly: Merchandising Administration Dept. and Digital Marketing Dept.)

Scope of Registration:

CRM strategy utilizing proprietary media, analysis of sales performance data, and analysis and sales of ID-POS data
Operations concerning sales promotion, advertising, and planning and implementation management of various measures and campaigns in the digital domain

Certificate Number: JQA-IM2081

Organization：MCS CO., LTD．

Scope of Registration:

Fee-charging staffing and temporary staffing services
Consulting services such as issue studies, implementation of countermeasures, and follow-up services in human resources

Certificate Number：JQA-IM2198

Organization： Pilot Station Promotion Dept., Sugi-Kaku Net Promotion & Management Div. Note: Registration amendment in progress. (Formerly: Pilot Station Promotion Project, DX Strategy Div.,SUGI PHARMACY CO., LTD. )

Scope of Registration：

At Sugi Pharmacy Kawaguchi Totsuka Store

E-commerce site operations including customer support and order fulfillment
Logistics and shipping services for outsourced operations
Health counseling services, including referrals to specialized institutions and the proposal/sale of related products and services

IS 748534

Certificate Number:IS 748534

Organization：KNOCK ON THE DOOR Inc.

Scope of Registration：

Planning, development, manufacturing, sales and consulting of healthcare sector products and services
Operation of pharmacies and consulting services for pharmacists

Compliance with standard requirements for the appropriate management of personal information

The Sugi Pharmacy Group complies with the standard requirements for proper management of personal information in the following corporations or operations.
We are committed to ensuring the appropriate protection and management of personal information, while continuously strengthening and improving our systems.

Certificate Number：19001530: Organization：SUGIWELLNESS CO., LTD．

Certificate Number：19001673: Organization：SUGI PHARMA SYSTEMS CO., LTD.

PM 806690

Certificate Number：PM 806690

Organization： KNOCK ON THE DOOR Inc.

Scope of Registration:

Planning, development, manufacturing, sales and consulting of healthcare sector products and services
Operation of pharmacies and consulting services for pharmacists