Information Security Policy

Revised: August 1, 2025

ITOCHU Corporation (“We”) recognize that formulating a code of conduct regarding the handling of information for all officers and employees, and ensuring an advanced level of information security, are important priorities. Accordingly, all officers and employees will endeavor to appropriately handle, manage, protect, and maintain information in accordance with the Information Security Policy set forth herein.

1. Establishing Robust Information Security

Recognizing the importance of information security, and in order to address group-wide information security and cybersecurity risks, we have established a governance structure and a reporting process to management in the event of an incident. We have also developed relevant rules and policies, ensure that all officers and employees are thoroughly informed of them, and regularly review and continuously improve these measures.

2. Information Asset Management

We adequately manage all important information assets (including personal information and Specific Personal Information) to ensure their confidentiality, integrity, and availability. We are committed to implementing security measures to prevent unauthorized access, leakage, loss, and damage.

3. Compliance

We comply with laws, regulations, and other societal standards and practices relevant to information security.

4. Information Security Education

We ensure that all officers and employees are thoroughly informed of the necessity of information security and specific compliance requirements. In addition, to maintain and enhance our information management structure, we regularly provide information security training to all officers and employees.

5. Prevention and Response to Information Security Incidents

We are committed to preventing information security and cybersecurity incidents within the group. In the event that such an incident does occur, we will promptly investigate the cause and take appropriate measures, including implementing recurrence prevention strategies. Through various internal rules and policies relevant to information security and cybersecurity, as well as a robust organizational structure that includes our subsidiary specializing in cybersecurity, we ensure proactive monitoring and risk management.

6. Audits

Utilizing internal audits and other measures, we regularly audit the information security management systems and relevant initiatives across our entire group, including ITOCHU headquarters, ensuring they are appropriately maintained and managed.

7. Continuous Improvement

To address security risks arising from changes in laws, business environments, and information technology, we regularly review and continuously improve our information security management system and relevant initiatives.

Hiroyuki Naka
Member of the Board,
Executive Officer,
CXO,
General Manager, Group CEO Office
ITOCHU Corporation