Information Security

Kyowa Kirin Group Information Security Policy

Established on August 1, 2022

The Kyowa Kirin Group (hereinafter referred to as the "Group") recognizes that the information including confidential and personal information held by the Group and the systems that manage and protect such information (hereinafter referred to as the "Information Assets") are important assets. Under this recognition, the Group shall strive to maintain and improve information security with business partners and subcontractors in order to properly manage and use the Information Assets.

1. Scope

This Group Policy applies to everyone working in the Group, regardless of country or region, position or title, such as officer, employee, fixed-term employee or temporary staff, or full time or part time (the “Employees of the Group”). We will also require all of our business partners or agents, etc. to act in accordance with the underlying principles set forth in this Group Policy.

2. Treatment of Information Assets

The Group shall manage the Information Assets in a lawful, safe and legitimate manner, and shall not use them illegally, unjustly or falsely. Also, the rights and interests of those who provide the Information Assets from external sources shall be protected.

3. Compliance with Laws and Regulations

The Group shall comply with information security laws, guidelines, and industry rules of the country and region in which the Group operates.

4. Information Security System

The Group shall establish and operate an appropriate framework to implement the maintenance and improvement of global information security.

5. Responding to Information Security Risks

The Group shall identify information security risks and implement sound organizational, physical, human and technical measures. Also, if a problem occurs, the Group shall immediately investigate the cause and respond appropriately to minimize the damage.

6. Education

The Group shall continuously conduct education and raise awareness on information security and endeavor to maintain and improve information security.

7. Continuous Assessment

The Group shall continuously conduct inspections on the 6 points listed above for assessment and perform any required improvements.