Information Security Policy

JCR Pharmaceuticals Co., Ltd. and its subsidiaries and associates (hereinafter collectively, the "JCR Group" or "we") conducts the following activities to protect the information assets we handle and to promote the maintenance and improvement of information security.

1.Information Security Management System

The JCR Group establishes a management system to promote the maintenance and improvement of information security, and sets regulations, procedures, etc. for information security based on this Policy.

2.Compliance with laws and regulations

The JCR Group adheres to all applicable laws and regulations concerning informationsecurity and complies with the requirements and obligations under contracts with its business partners concerning information security.

3.Information security measures

The JCR Group takes organizational, personnel, physical and technical information security measures to prevent and minimize the damage caused by information security breaches, which include unauthorized access, leakage, damage, loss, etc., of the information assets. In case of an incident, the JCR Group promptly investigates the cause, minimizes the damage, and prevents its recurrence.

4.Improvement of information security literacy

The JCR Group must continuously educate all employees on the proper use of information assets to improve their information security literacy.

5.Relationship with business partners

The JCR Group may require its business partners to maintain an appropriate level of information security by examining their information security measures. Moreover, the JCR Group cooperates with its business partners to improve the information security ofthe JCR Group's business.

6.Continuous Improvement

The JCR Group continuously inspects, reviews, and makes necessary improvements to the efforts described in items 1 to 5 above.