Our Company has established the TOKYO KEIKI Group Code of Ethical Conduct as a code for acting in compliance with
laws, regulations, our Articles of Incorporation, and social norms. We recognize that the awareness of every employee
is of utmost importance in the establishment of corporate ethics, and strive to uphold corporate ethics in our everyday
activities. We also refuse any relationships with antisocial forces that threaten order and security in civil society.
Concepts and policies regarding compliance
To manage corporate ethics activities across the organization,
we have established a permanent Corporate Ethics
Committee chaired by the Chief Legal Governance Officer.
Corporate ethics-related organizational chart

Code of Conduct
The TOKYO KEIKI Group Code of Ethical Conduct* forms
a basis for encouraging sound behavior by every employee.
Working from basic stances that include the avoidance of
words and acts in violation of laws and regulations, and
appropriate response to acts that violate corporate ethics,
the Code of Ethical Conduct sets out our responsibilities to all
stakeholders, including the provision of products and services
of benefit to society, contribution to society through our
corporate activities, and the creation of safe and comfortable
working environments. By complying with this code of
conduct, we will fulfill our responsibilities to society.
Note that we also translate the Code of Ethical Conduct
into local languages and ensure that our overseas subsidiaries
are thoroughly versed in the code.
*https://www.tokyokeiki.jp/company/rinri.html
Initiatives aimed at raising awareness of compliance
Under the recognition that the awareness of all employees is
of utmost importance in establishing corporate ethics, every
year in April we carry out education on our code of conduct
(the Code of Ethical Conduct) for all employees.
Status of training implementation
In response to the COVID-19 pandemic, we changed the
way we ran our FY 2021 Code of Ethical Conduct education,
which had previously focused on classroom-based group
training. In order to enable all employees to take and complete
the education, training was primarily conducted via e-learning
and online meetings, and the period over which education
was provided was also lengthened. Following completion of
the course, all employees submitted an Affidavit Concerning
the Code of Ethical Conduct.
Internal audits
Based on Internal Audit Rules shared by the entire Group,
internal audits are conducted with the aim of helping to
increase Group management soundness and efficiency.
Internal audits investigate the appropriateness and
effectiveness of internal control systems from a standpoint
that is independent of the division, department, or subsidiary
being audited. Improvements are then implemented based on the results.
The results of internal audits are reported to the President
& CEO. The results of internal audits as well as corrective
measures aimed at any identified deficiencies are also
reported and shared in Corporate Ethics Committee
meetings.
Whistleblowing system
Our Group has set up contact points inside and outside
the company for directly accepting information on legally
suspect acts or similar information, with the guarantee that no
disadvantage will befall whistleblowers.
Two contact points inside the company are the Internal
Auditors Office and the Audit and Supervisory Committee.
The latter handles violations of laws and regulations by
directors and executive officers, playing a role in preventing
the concealment of violations by officers.
In FY 2021, there was one case of whistleblowing, which
involved a minor issue, handled by the company’s internal
points of contact. We will continue working to entrench this
system and enforce compliance with laws and regulations.
Initiatives to prevent corruption
Our Group’s Code of Ethical Conduct stipulates that we will not
pursue profits through improper means, and that we will conduct
dealings in accordance with domestic and foreign laws and rules.
To address overseas dealings, we have established Regulations
for the Prevention of Bribery of Foreign Public Officials, and offer
education every year to deepen understanding of laws and
regulations related to the prevention of bribery in key countries.
Conducted mainly as hierarchy-specific education for managerialclass
employees in e-learning and classroom formats, this
education includes overviews of laws on the prevention of bribery
of foreign civil servants, the US Foreign Corrupt Practices Act, and
cases of exposure of bribery of foreign public servants in Japan.
As many of our projects in Japan involve government agencies,
we also strictly prohibit related collusion.
Concepts, policies, and structures for risk management
In our business activities, we face risks that must be identified,
evaluated, and analyzed at the management level, and for
which the priority of responses must be made clear. Our
Group’s risk management system is organized into a Legal
Governance Affairs Office, Internal Auditors Office, Audit and
Supervisory Committee, and other bodies, centered on the
Management Conference and with the President & CEO as the
chief officer responsible for company-wide risk management.
Risk management system diagram

Risk management implementation
We have established Risk Management Rules that are shared
Group-wide and that apply to the entire Group.
We implement risk management separately for “serious
management risks” and for all other risks.
What is deemed serious management risks is reviewed and
re-drafted annually by the Legal Governance Affairs Office in
accordance with the Risk Management Rules as a report titled
“Serious Management Risks and Key Measures.” The Chief
Legal Governance Officer submits this report for approval to
the Management Conference and the Board of Directors.
Various divisions, departments, and subsidiaries are identified
as being in charge in “Serious Management Risks and Key
Measures.” Based on the ideal situations and key measures
described in the report, these divisions, departments, and
subsidiaries create “Serious Risk Measure Programs” for each
specific measure that are submitted to the Legal Governance
Affairs Office by the end of each year. The Legal Governance
Affairs Office verifies the content of the “Serious Risk Measure
Programs” submitted by the various departments in charge
and, in the event of any deficiencies, indicates improvements
to the relevant department. Each department integrates the
determined risk measures into their medium-term business
plans, and those measures that can be put into effect
immediately are implemented as required.
Risks other than serious management risks are handled
in accordance with the Risk Management Rules. Each
department, etc. follows a risk questionnaire to discover
and identify risks that pose the possibility of causing a loss
to the department. Departments conduct this process by
investigating each risk category identified in the rules for that
department’s own business goals. Even when risks may not
be applicable at the current time, full consideration is given to
enumerating risks that can be expected to arise in the future
due to environmental changes.
Each department then engages in evaluation and
calculation of all identified risks. This evaluation and calculation
includes an evaluation of the frequency of occurrence and
the impact of each risk. These values are in turn multiplied to
produce an overall evaluation. Risks whose overall evaluation
score is 10 or more points are identified as serious risks.
Measures for these serious risks are recorded according to
a set format and submitted to the Legal Governance Affairs
Office. They are also integrated into the department’s own
medium-term business plan. In addition, those measures
that can be put into effect immediately are implemented as
required. Those risks whose overall evaluation score is less
than 10 points are, based on the respective department’s
controls (measures, practices, and self-evaluation), tackled as
part of work efficiency improvement activities, etc.
At the end of each term, the departments evaluate the
status of the implementation of the risk measures they
formulated in the preceding fiscal year and report the results
to the Legal Governance Affairs Office.
The Internal Auditors Office evaluates the “Serious Risk
Measure Programs” from an independent perspective and, as
necessary, conducts internal audits (inspections) and indicates
corrections and improvements.
Examples of serious management risks
1. Domestic and foreign economic changes |
7. Transactions with public agencies |
2. Natural disasters and epidemics |
8. Increasing competition |
3. Development of new products |
9. Material and component procurement |
4. Product quality |
10. Information security |
5.Securing human resources |
11. Intellectual property rights |
6.Interest rate fluctuations |
12. Retirement benefit liabilities |
*Details regarding the above risks are provided in our Annual
Securities Report.
BCP
Overview of BCP
In the event of emergencies, we place utmost priority on
ensuring the safety of human life and promptly resolving the
situation. The foundation of our response is minimization of
losses and quick recovery from damage to ensure business
continuity. Toward this end, we maintain and improve
regulations and work manuals common across our Group,
namely, the Crisis Management Regulations that set forth
basic matters concerning crisis management, and the
Crisis Management Manual that describes procedures for
responding to specific incidents.
BCP system
The chief officer responsible for crisis management is the
President & CEO, or a director or executive officer who
is appointed to the position by the President & CEO. The
organization that actually responds to an emergency is
generally the department in charge involved in the crisis
situation, with the Legal Governance Affairs Office providing
support.
When deemed necessary by the chief responsible officer,
an emergency response task force is set up with the chief
responsible officer as the task force head and the department
in charge as the secretariat. In 2020, we established a
COVID-19 Emergency Response Task Force with the
President & CEO as the chief responsible officer, and this task
force was still in operation in FY 2021.
Information security
Information security policy
Our Information Security Basic Policy is aimed at ensuring the
confidentiality, integrity, and availability of the information that constitutes
a vital asset of ours, as well as protecting that information from threats
including disasters and accidents. The appropriate discretionary measures
that we undertake in this area are grounded in the aims of this Basic Policy.
The Information Security Basic Policy consists of the following four
categories.
Information Security Basic Policy
- Information security initiatives
- Compliance with laws and regulations, etc.
- Protection of information assets
- Incident response
System for promoting information security
We have established an Information Security Management
Committee (ISMC), chaired by the Chief Information Officer
and composed of members selected from departments.
Our Strategic Information Planning Department under
the Corporate Planning & Administration Office oversees
formulation of measures related to information security. When
formulating key measures, the department submits these
to the ISMC and, depending on the content, consults with
the Management Conference. In addition, TOKYO KEIKI
INFORMATION SYSTEMS INC. (TIS), a subsidiary of ours, is
in charge of our Group’s information system development and
operation. TIS has acquired ISO/IEC 27001 certification, an
international standard for an information security management
system (ISMS).
Information security incident response
We have created flowcharts and made these available on our
intranet explaining in an easy-to-understand way what actions
a user should immediately take in order to respond quickly
when the risk of an information leak occurs due to the loss of
a PC or smartphone, or when there is a serious information
asset threat due to a computer virus infection, etc. Depending
on the scope of the incident as reported by the chairperson
of the ISMC, in accordance with the Crisis Management
Regulations and per the judgment of the President & CEO, an
emergency response task force for the information security
incident may be established with the aim of swiftly bringing the
incident under control and resolving it.
Example of information security incident
response flowchart
(computer virus)

Information system user support
User education is extremely important in order to increase
the effectiveness of information security management.
The Strategic Information Planning Department under the
Corporate Planning & Administration Office holds briefings
for users when new systems and services are implemented.
The department also conducts e-learning classes on basic
information security. In FY 2021, the department called
attention to Emotet, a computer virus wreaking havoc; and
business email compromise (BEC) scams. As a specific
example, the department conducted targeted attack email
training. Email training is considered an effective measure in
a time when the threat of targeted emails is on the rise. By
sending mock emails in the training, individual employees
gain the knowledge to make proper decisions and take
the correct action when they receive a suspicious email,
making it possible to increase the level of awareness among
employees.
Further, in response to the COVID-19 pandemic, we worked
to strengthen our remote access environment, previously only
used by a small section of users, and expanded the number
of users of this system. Improvements included augmenting
network equipment and expanding services available for use
via remote access.
In addition, we made it possible for all remote access
users to access the intranet site of the COVID-19 Emergency
Response Task Force established in response to the
COVID-19 pandemic, so that they may know what actions to
take even when working from home.
COVID-19 Emergency Response Task Force page