１．Basic Policy on Risk Management

• We define risk as the possibility of any event that may cause physical, economic, or reputational loss or disadvantage, thereby hindering the achievement of our management objectives or the execution of our business activities. We have established a basic policy on risk management to ensure appropriate controls that prevent risks from materializing, as well as prompt and effective responses in the event that they do occur.
   

• ・ We strive to prevent and mitigate risks in order to ensure the quality and safety of our products and services, protect the health
• 　 and safety of our executives and employees, and earn the trust and meet the expectations of stakeholders, including customers,
• 　 shareholders, investors, and local communities.
• ・ We maintain an organizational framework for the proper management of the diverse risks surrounding our business and implement
• 　 comprehensive risk management.
• ・ In the course of business operations, we conduct risk assessments and take appropriate preventive measures. Should a risk materialize,
• 　 we act to minimize any resulting losses.
• ・ In the event of an incident that could significantly impact management objectives or business operations and requires urgent response,  
• 　 we prioritize the protection of human life and health, minimize damage, and take swift and appropriate action to restore
• 　 normal business operations.
• ・Through effective risk management, we aim to achieve sustainable business development and enhance corporate value.

２．Information Security and Personal Information Protection

• We recognize that information assets—including trade secrets and personal information entrusted to us by customers and business partners, as well as our own systems, devices, storage media, and the facilities and equipment necessary to protect and operate them—are vital assets in our business activities.

  To protect these information assets from various threats (such as leakage, unauthorized use, destruction, alteration, disasters, malfunctions, mishandling, or theft) and ensure their appropriate use, we have established an Information Security Policy and Personal Information Management Rules.

  All information assets handled by the company are classified according to their level of importance, and appropriate security measures—organizational, human, physical, and technical—are implemented to ensure their confidentiality, integrity, and availability.

３．Crisis Management

• In the event of an emergency—such as a natural disaster, accident, or infectious disease outbreak—that has a serious impact on business operations and requires an urgent response, the company has clearly defined in its internal regulations the organizational structure and necessary actions to secure the safety of employees and promptly restore affected facilities.

  When a company-wide response is required, an Emergency Response Headquarters will be established under the decision of the President to direct and coordinate crisis management efforts.

(Note)
When reporting, speed is of the utmost importance. If the designated reporting line is unavailable, appropriate alternative measures shall be taken, such as reporting to the next person in the chain of command.