Information Management Policy

The Tokyo Ohka Kogyo Group (Tokyo Ohka Kogyo Co., Ltd. and its subsidiaries; hereinafter referred to as the "TOK Group") has positioned managing risks related to information assets as an important business issue and is working to implement various measures in line with the following policy in order to fulfill its corporate social responsibility.

Compliance and Utilization of Information Assets

①With respect to all information assets held by the TOK Group, including managerial, technical, customer/supplier, marketing, and personal information, the Group will comply with laws and regulations related to information security, other social norms, in-house rules, and other guidelines, and protect the information appropriately. The Group shall only use the information to efficiently execute the operations of the Group, within the stipulated scope of authority, and for the prescribed purpose.

Optimization of Risk Management and Control

②The TOK Group considers various risks related to information management, such as cyber risks, risks associated with the use of AI and cloud services, economic security risks, intellectual property risks, and risks of leakage of trade secrets and personal information, as risks affecting the entire supply chain. The Group identifies and evaluates these risks and optimizes control through human, physical, organizational, and IT measures to maintain the confidentiality, integrity, and availability of information assets.

Organizational Structure and Activities

③The TOK Group has established an Information Management Committee and will continue to build, maintain, and promote a management structure to properly govern information assets for the overall Group.

Maintenance of Security Infrastructure

④The TOK Group updates and maintains reasonable communication tools and security platforms to effectively utilize and protect its information assets.

Incident response

⑤If an information security incident occurs, the TOK Group shall promptly report to relevant parties to minimize damage, preserve evidence, and implement measures to prevent recurrence.

Education

⑥The TOK Group shall regularly and continually conduct in-house training and work to raise awareness and educate employees about in-house rules, etc.

Audits and Continuous Improvements

⑦The TOK Group will implement regular audits and make continuous improvements as a part of the management of information assets.

Information Management Structure

The TOK Group Information Management Committee is chaired by the Division manager of the Corporate Planning Division. The Committee determines the policies and measures related to information security and cybersecurity. The overseas subsidiaries established information management organizations, which develop systems and rules to collaborate under the guidance of the TOK Group Information Management Committee, thereby strengthening information management systems throughout the Group. In addition, the Internal Auditing Depatrment regularly audits compliance to the rules and other matters on information management as part of its internal audits. The Department aims to improve the information management system by giving guidance, issuing proposals, and offering advice to relevant departments