Information Security Policy

Date of establishment: April 1, 2016

ITOCHU Corporation (“We”) establishes code of conduct for all members of the board and employees regarding the handling of information, and is aware of the importance of acquiring high-security level.
We, therefore, hereby establish Information Security Policy, and all officers and employees make every effort to adequately treat, manage, protect, and maintain the information by obeying the policy.

1. Actions for Information Security

We are aware of the importance of the information security, and therefore set administrative structure for corresponding against information security risks, establish related rules, and familiarize to all officers and employees as well as reviewing them regularly for continual improvement.

2. Information Asset Management

We adequately manage all the important information assets (including personal information and Specific Personal Information) in order to maintain the confidentiality, integrity, and availability, and make every effort for safety management such as prevention of unauthorized access, divulgation, loss, and damage.

3. Information Security Education

We familiarize to all officers and employees the necessity of information security and specific compliance rules, and regularly conduct information security education against all officers and employees for maintaining and improving our information management structure.

4. Correspondence and Prevention of Information Security Incidents

We make every effort to prevent information security incidents from happening, and promptly determine the cause and take appropriate correspondence including setting preventive measures if by any chance incident occurs.

5. Compliance

We observe the laws, regulations and other norms related with information security.

Masahiro Okafuji
President & Chief Executive Officer
ITOCHU Corporation