Risk Management

For the purpose of promoting sound, highly transparent and efficient management, the Board of Directors will improve the systems concerning compliance, appropriateness of financial reporting, risk management and other matters, seeking more effective functions in the internal control system from the perspectives of group management, and supervise their operation status by utilizing the Internal Audit Department. In order to enhance the accuracy of internal control, we endeavor to minimize managerial risks by documenting and monitoring the details of the business operations of each group company, the assumed risks, and the countermeasures to them. The Representative Director & President has established the Risk Committee and the Information Security Committee inside the Sustainability Committee to control high-risk fields in management, thus improving the relevant business operations and preventing accidents at an early stage.
The Risk Committee prevents risks from occurring by evaluating and identifying serious risks concerning corporate management, such as business strategy, natural disasters, and infectious diseases, and by taking actions in advance. In the event of a crisis, we are prepared to immediately establish a separate “emergency task force” to act quickly and appropriately.

Examples of the major risks to be managed

1.Risks concerning business strategy

Risks Examples of the major risks
1-1 Business environment
  • Intensified competition with industry peers and different industries
  • Industrial reorganization and oligopoly through large-scale M&A
1-2 Applicable laws, regulations, etc.
  • Drastic reductions of drug prices and dispensing fees
  • Revisions of applicable tax rules and accounting standards
1-3 Investments
  • Failure of investments in new stores
  • Failure of M&A investments

2.Risks relating to natural disasters, infectious diseases, etc.

Risks Examples of the major risks
2-1 Large-scale disasters
  • Stagnation of economic activities
  • Suspension of business activities due to damage to stores, offices, systems and employees
  • Damage to properties held and repair costs arising therefrom
2-2 Climate change
  • Damage to stores and facilities due to typhoons, heavy rains, etc.
  • Introduction of a carbon tax, etc. due to the tightening of regulations
2-3 Infectious diseases
  • Stagnation of economic activities
  • Self-restraint and suspension of business activities at stores
  • Suspension of business activities due to infection of employees

3.Risks relating to corporate management

Risks Examples of the major risks
3-1 Wrongdoing and accidents
  • Occurrence of serious mistakes in prescription dispensing
  • Fraudulent activities by officers or employees
  • Defective products, foreign substance mixing, and inappropriate labeling
3-2 Information security
  • System failures caused by accidents, defects, etc.
  • Unauthorized invasion and/or access and virus infection from external networks
  • Leakage of customer information
3-3 Human rights
  • Worsening of work environments and safety and health
  • Acts of human rights violation (harassment and discriminatory practices, etc.)
3-4 Human assets
  • Shortage of managerial human resources
  • Intensified competition for hiring capable human resources
3-5 Supply chain
  • Human rights and environmental issues concerning the supply chain
  • Changes in purchase prices

Internal reporting system

For the purpose of preventing and correcting violation of laws and regulations or misconduct by organizations or individuals, SUGI Pharmacy Group has established a compliance consultation channel, enabling employees to seek consultation anonymously. The internal reporting system is operated in accordance with the internal rules, and reporting channels are established within the Group and in external law offices. In order to prohibit disadvantageous treatment of informants and increase the recognition and understanding of the abovementioned system, we have ensured that contact information for the system is displayed at our stores and offices and have also distributed the Compliance and Disaster Countermeasure Pocket Book. By such promotional activities, we endeavor to establish a sound reporting system.
The Internal Reporting System was renamed “Anything 115 Consultation Call Service for All Workplace Concerns” in FY 2021 to create an environment where employees feel able to use it more freely.

Personal information protection and enhanced information security

The SUGI Pharmacy Group works to strengthen the protection of personal information and information security in order to protect and prevent the leakage of personal information, customer information, and confidential information. By establishing the Information Security Basic Policy, the Group is taking various measures to prevent any unauthorized access from outside, virus infection, or data leakage. At the same time, we work to strengthen information security systems and educate employees appropriately.

Reinforcement of information security systems and education
  • Establish the Information Security Basic Policy
  • Inform employees of the Information Security Basic Policy and provide relevant education
  • Obtain certification from an external organization (ISMS)
Prevention of unauthorized access from outside
  • Install firewalls
  • Implement defense against unauthorized intrusion from websites
  • Prevent the receipt of virus-infected emails
Prevention of virus infection
  • Introduce anti-virus software
  • Apply security patches
  • Restrict communications with and browsing of websites
Prevention of data leakage
  • Prohibit the connection of PCs with external devices
  • Restrict access to customer information
  • Install security rooms and security cameras
  • Preserve logs of PC operations and email sending to strengthen the ability to investigate in the case of leakage and secure tracking trails

Information Security Basic Policy

The SUGI Pharmacy Group has been engaging in management to contribute to society by effectively utilizing assets and resources borrowed from society (people, things, money, information, etc.) and continuing to provide profits to society. To realize this, we understand that it is our top priority management issue to strengthen the information security of the entire Group by protecting our customers’ personal information and other information assets owned by us from various threats, including unauthorized access and cyberattacks. Based on this concept, the Group established the “Information Security Basic Policy.”
Going forward, we will endeavor to maintain and improve information security through compliance with and proper handling of the aforementioned policy and the “Handling of Personal Information (Privacy Policy)” by our officers and employees.

Click the website below for the Information Security Basic Policy

Conformance of information security management systems to standard requirements

Sugi Pharmacy Group complies with the requirements of the ISO27001 standard in the following operations.
The Group will endeavor to strengthen and upgrade its responses in the areas of personal information protection and information security by receiving examinations by external organizations appropriately.

(1) Specific health guidance business
(2) Information management of point card members, incoming call handling, and management of incoming record creation
(3) Customer information analysis, sales promotion and advertising
(4) Recruitment and temporary staffing business, human resource consulting services

Conformance of information security management systems to standard requirements
  • JQA-IM1736
  • JQA-IM1863
  • JQA-IM1978
  • JQA-IM2081

Certification registration number: JQA-IM1736

Registered Business:SUGIWELLNESS CO., LTD.

Scope of registered activities:

  • Development and provision of health guidance service and information offering serviceand based on healthcare data

Certification registration number: JQA-IM1863

Registered Business:Customer Support Office

Scope of registered activities:

  • Incoming call handling and record preparation services
  • Managing the registration of and changes in point card members

Certification registration number: JQA-IM1978

Registered Business:SUGI PHARMACY CO., LTD  Product Division( the product management department)・DX Strategy Division(the digital marketing department)

Scope of registered activities:

  • Operations concerning CRM strategies and analysis using the Company’s own media; and
  • Operations concerning sales promotion, advertising, and planning and implementation management of various measures and campaigns in the digital domain

Certification registration number: JQA-IM2081

Registered Business:MCS CO., LTD.

Scope of registered activities:

  • Fee-charging staffing and temporary staffing services
  • Consulting services such as issue studies, implementation of countermeasures, and follow-up services in human resources