Risk Management

日本語 English

JAPEX promotes company-wide cross-sectional risk management. The lead departments and committees evaluate and manage individual risks appropriately for each department and risk, while the Risk Management Committee evaluates and manages risks across the entire company.

Integrated Risk Management

The Risk Management Committee, chaired by the President, deliberates mainly on the following matters.

Evaluation and management of risks related to management (including climate change)
Management of major project progress
Verification of non-compliance cases

Risk management, including the secretariat of this committee, is jointly supervised and promoted by Investment Management Dept., and Administration and Legal Dept. In addition, the status of risk management is reported annually to the Board of Directors.

Individual risks are evaluated and managed by the following committees.

Investment Evaluation Committee: Verification of risks and appropriateness of investments in important projects
Health, Safety, Security, and Environment (HSSE) Committee: Deliberation of risks related to HSSE
Information Security Committee: Deliberation of risks related to information security

The management plan, ESG, and other medium- to long-term management issues are deliberated by the Sustainability Committee.

Business Risks

Investments in significant projects of a certain size or subject to other conditions are deliberated by the Investment Evaluation Committee in accordance with the Investment Evaluation Guidelines. This committee evaluates the appropriateness of investments based not only on the economics of the project, but also on ESG-related items and business risks from the perspective of geopolitics and other factors. The results of the deliberations are reported to the Executive Committee and the Board of Directors, which discuss the final investment decision of the project, as necessary.

DG Process

A four-step Decision Gate (DG) process has been introduced to investment decisions for projects with a financial burden above a certain level. The DG process identifies risks and opportunities related to the business from each of the Technical, Economic, Commercial, Organizational, and Political-Societal (TECOP) perspectives to conduct a review called DGR (Decision Gate Review).

DGR-1: Identify risks and opportunities based on the perception of the external environment, after confirming their compatibility with the strategy.
DGR-2: Generate all possible alternatives and evaluate their viability, risks, and opportunities.
DGR-3: Select the best proposal that maximizes the value of the project from multiple proposals.
DGR-4: Review details to make final investment decision.

Business Risk Management in the Implementation Phase

For projects that have moved into the implementation phase, the Risk Management Committee regularly monitors the status to identify and manage qualitative and quantitative risks.

Safety Measures and Business Continuity in Case of Emergency

In addition to safety measures for employees engaged in operations in Japan and overseas, the HSSE Committee is established to discuss company-wide policies and related matters to continue business operations in the event of an emergency. Also, developing a system and various manuals based on company-wide policies, as well as implementing appropriate countermeasures and raising employee awareness on a regular basis, have been executed.

Overseas Safety Measures

To protect the safety of our employees engaged in overseas operations, JAPEX conducts countermeasures, training, and educational activities from ordinary times based on our overseas safety and crisis management guidelines.

The HSSE Committee is responsible for the establishment and deliberation of overseas safety and crisis management guidelines and related important matters. In addition, the Overseas Safety Measures Subcommittee, whose members include the HSE Department and the general managers of relevant departments, gathers information on overseas safety and makes decisions on whether or not to take business trips.

Overseas Emergency Response Drills and Information Dissemination

JAPEX conducts emergency response drills to improve the crisis management skills of employees engaged in overseas operations and those in charge of overseas operations at our head office.

Emergency communication drills between overseas fields and our head office
Overseas contingency response drills, including simulations and workshops that simulate overseas contingencies

We are also working to raise awareness of crisis management throughout the company even in normal times by providing overseas safety information and overseas safety seminars to employees to be dispatched or assigned as an expatriate abroad.

Emergency Response

JAPEX has established the Emergency Countermeasure Regulations, related procedures, and various manuals to prepare for emergencies involving personnel, equipment, and other matters that may affect our business.

In the event of an emergency, we will gather information, communicate, and give instructions mainly to the departments in charge of business and major fields in accordance with these rules, procedures, and various manuals. Depending on the situation, the Emergency Response Headquarters will be settled at our head office and the Local Emergency Response Headquarters at major locations such as business offices to respond to emergency situations.

Drills are conducted at least once a year at our head office, business sites, and other major fields to simulate emergency situations. While taking into account the results of these efforts, we are preparing and improving emergency response regulations, related procedures, and various manuals as appropriate.

Business Continuity Plan (BCP)

A business continuity plan (BCP) is formulated against emergencies such as a major earthquake or other disaster, or an epidemic of an infectious disease that could have a significant impact on social life.

Moreover, we have prepared a manual for initial response in case of a large-scale disaster, and regularly conduct emergency drills at each business site, employee safety confirmation drills, and walk-home (from work) drills for emergencies.

The BCP and its accompanying procedures and manuals have been improved as necessary based on actual experiences of damage and disaster at our business sites, including the Great East Japan Earthquake in 2011, the Hokkaido Iburi-East Earthquake in 2018, and the Fukushima Prefecture Offshore Earthquake in 2021.

Response to a Large-Scale Infectious Disease Outbreak

To ensure our business operations can continue even during large-scale outbreaks of infectious diseases, JAPEX has developed a "Basic Novel Influenza Response Plan," which includes measures to prevent infections among our employees. Additionally, we continuously update and revise the plan as needed to adapt to various emergency scenarios caused by infectious diseases. In response to the global spread of COVID-19 since 2020, we implemented measures to prevent infections and curb the spread of the virus. We continue prioritizing the health and safety of our employees, while maintaining a system that allows us to continue business operations at a level equivalent to normal operations.

Related

Information Security

Concept of Information Security Policy

Japan Petroleum Exploration Co., Ltd. (hereinafter collectively referred to as "the Company") recognize important information handled in the course of its business activities and the information systems that process the majority of such information as its most critical "information assets." To protect these assets, the Company will establish, operate, review, maintain, and improve an information security management system within the organization. Specifically, we will promote activities in accordance with the following information security management policy.

Information Security Management

(1) Objectives of Information Security Management

The Company shall establish an "Information Security Policy" that compiles basic policies and control measures. By implementing company-wide information security management, the Company aims to protect its "information assets" from alteration, destruction, leakage, and other threats, thereby building trust with its customers and society.

(2) Basic Principles

The Company will address information security based on the following three basic principles:

To fulfill our social responsibility and strive to maintain trust and value by ensuring the necessary and sufficient confidentiality and integrity of information assets that require protection and maintenance of value, such as information about business partners and customers, and important information related to business operations.
To maintain the convenience and availability of information assets widely used in daily operations so that their value can be maximized.
To build an organizational, systematic, and comprehensive information security system for the in-house information network with a view to its expansion to the entire Company Group (the Company and its related companies).

(3) Review of the Information Security Basic Policy

This Basic Policy will be reviewed as appropriate and continuously improved in light of changes in the business environment, social environment, legal and regulatory changes, and newly discovered risks.

(4) Implementation of Risk Assessment

To protect the "information assets" held by the Company, risk assessments will be conducted annually or in response to environmental changes. We will proactively work to promptly implement necessary countermeasures.

(5) Establishment of Information Security Management System

The Company will strive to protect all "information assets" it holds and comply with laws and other regulations, thereby establishing an information security management system that ensures continuous trust from society. Furthermore, all directors and employees will understand the importance of "information assets," recognize their roles regarding handling, and thoroughly implement safety management.

(6) Appointment of "Chief Information Security Officer"

The "Chief Information Security Officer" will be appointed, and an Information Security Committee will be organized. Through this, we will accurately grasp the status of information security at the corporate level and proactively work to promptly implement necessary countermeasures.

(7) Information Security Education, Training, Awareness, and Thorough Implementation

All directors and employees will receive regular (annual) information security education and training. We will promote awareness and thorough implementation regarding the importance of information security, proper handling of information, understanding of this Basic Policy, and management.

(8) Compliance with Laws and Regulations

All directors and employees of the Company will comply with the requirements of the Act on the Protection of Personal Information, laws and regulations related to information security, and agreements with customers.

Michiro Yamashita
Representative Director and President

Established on December 1, 2012

Revised on May 1, 2025

Information Security Management System

Based on the policies of the Information Security Committee, our company's information security management will be promoted under a structure of accountability comprising the Chief Information Security Officer, Chief Information Security General Manager, Deputy Chief Information Security General Manager, and Information Security Managers. The implementation structure will consist of the Information Security Countermeasures Promotion Working Group, Information Security Administrators, and Information Security Personnel. Additionally, CSIRT has been formed for incident response.

Information Security Management System

* CSIRT (Computer Security Incident Response Team) is a specialized team established within an organization to respond to security incidents, such as unauthorized access, information leaks, and malware infections.

Governance