Chapter 1　Purpose

The Information Security Global Policy (hereinafter the “Global Policy”), based on the recognition that the information assets handled by Ono Pharmaceutical Co., Ltd. and its subsidiaries are important management resources and assets and a source of corporate value, sets forth the basic policy concerning information security for strictly protecting such information assets – including research and development information, external information obtained in the course of business, and personal information of customers and business partners – preventing leakage, and, within the ONO Group, appropriately sharing information and promoting its utilization.

Chapter 2　Definitions of Terminologies

Article1　The terms used in this Global Policy are defined below.

1. “All Policies” mean Global Policies and other Policies (including rules, detailed rules, and other items equivalent to Individual Entity Policies.
2. “Employees” means directors, officers, regular employees, contract employees, and other employees of the ONO Group, including temporary staff and fixed-term employees.
3. “Global Policies” means a fundamental policy or policies commonly applied by the entire ONO Group which embody ONO Group's principles.
4. “Individual Entity Policy” means basic regulatory requirements, authorities, responsibilities, procedures, and methods of operation, consistent with the principles of the Global Policy, that are established and applied by each entity.
5. “Information” means all information in any form, whether electronic data, paper, or otherwise, and includes personal information and confidential information.
6. “Information Assets” means the combination of information and information systems.
7. “Information Security” means maintaining the confidentiality, integrity, and availability of information assets.
8. “Information Systems” means systems composed of computers, communication networks, and external storage media for the handling of information. Information systems also include rules such as procedures and processes concerning their development, maintenance, administration, operation, and use.
9. “ONO Group” means Ono Pharmaceutical Co., Ltd. and each of Subsidiaries.
10. “Subsidiary(ies)” means an entity or entities in which Ono Pharmaceutical Co., Ltd. directly or indirectly holds a majority of voting rights (more than 50%) or otherwise exercises equivalent substantial control. Indirect ownership includes all entities in a continuous chain of control, such as subsidiaries and sub-subsidiaries.

Chapter 3　Scope

This Global Policy shall be applicable to all entities within ONO Group and Employees.

Chapter 4　Basic Principle

Article 1 　Governance Structure

The ONO Group shall establish an information security management system to implement this Global Policy and shall establish the policy documents concerning information security pursuant to this Global Policy.

Article 2 　Information Security Controls

To prevent leakage, tampering, loss or destruction of information assets handled in its business activities, the ONO Group shall implement appropriate information security controls regarding the handling and management of information assets, the operation, development, and use of information systems, outsourcing, and facilities and equipment.

Article 3 　Compliance

The ONO Group shall comply with domestic and international laws, regulations, and other rules concerning information security, and act in accordance with information ethics to ensure appropriate fulfillment of confidentiality responsibilities, obligations for accountability, storage, and disclosure, as well as the protection of its rights.

Article4 　Education

To foster and maintain awareness of information security, the ONO Group shall communicate the necessity and importance of maintaining information security through group training, onboarding training, and other appropriate methods to the employees, etc. and other relevant parties who handle its information assets and shall manage the status of training attendance.

Article5 　Incident Response

1. The ONO Group shall establish a communication and reporting structure to prevent information security incidents and to ensure that, in the event of any security incident or accident, necessary measures such as preventing further damage, preserving evidence, and restoration can be implemented promptly and smoothly.
2. In the event of an incident, the ONO Group shall promptly investigate the cause and strive to minimize damage and prevent recurrence.

Article6 　Audit

1. To ensure the effectiveness of this Global Policy, the ONO Group shall periodically inspect its information security management system and controls.
2. Based on the results of such inspections, the ONO Group shall conduct timely review and strive for continuous improvement.