SUMCO Group Information Security Basic Policy

September 25, 2025

1. Purpose

The SUMCO Group (hereinafter referred to as “the Group”) recognizes that the appropriate management of information handled by the Group and the equipment and systems used to handle such information (hereinafter referred to as “Information Assets”) is a critical management issue. To promote the establishment of a framework capable of ensuring information security, the Group hereby establishes the “SUMCO Group Information Security Basic Policy.”

2. Scope of application

This policy applies to all officers and employees of the Group.

3. Organization

The Group shall establish appropriate and effective information security management system under management leadership to properly manage Information Assets.

4. Establishment of regulations

The Group shall establish rules concerning regulations and standards to achieve the objectives set forth in this policy. These rules shall be reviewed as necessary to ensure the appropriate management of Information Assets.

5. Implementation of countermeasures

  1. To prevent incidents, including unauthorized access, destruction, information leakage, or tampering of Information Assets (hereinafter referred to as “Incidents”), the Group shall implement necessary and appropriate information security measures in terms of human, organizational, physical, and technical perspectives.
  2. As part of the initiatives outlined in the preceding paragraph, the Group shall establish system to minimize the impact by incidents when they occur and shall implement measures to investigate the causes of incidents and prevent their recurrence.
  3. The status of implementation and challenges regarding information security measures shall be reported regularly to the Head of the AI Promotion Division for review.

6. Education and training

The Group shall continuously provide information security education and training to all officers and employees to enhance information literacy within the Group and improve incident response capabilities.

7. Legal compliance

The Group shall comply with laws, regulations, and other norms related to information security.

8. Continuous improvement

The Group shall strive for continuous improvement and enhancement of our efforts to ensure information security.