Kurita Group Information Security Policy

Kurita Water Industries Ltd. and its consolidated subsidiaries (hereinafter called the “Kurita Group”) will position information security as one of the top priorities and be committed to protecting information assets based on the following policies to enhance responsibility and awareness throughout the organization. In order to maintain the trust of customers, business partners, shareholders, and society, Kurita Group shall implement continual improvements to its information security through regularly evaluating and analyzing its information security efforts.

Kurita Group will comply with the Kurita Group Code of Conduct and other internal regulations, information security laws and guidelines established by each country and region, and other social norms.

Kurita Group will conduct risk assessments regularly and implement physical, technical, personnel and organizational measures as necessary, covering both IT and OT* , to respond to changing information security risks. These measures include education on information security, access control, and entry/exit management.

*OT：Operational Technology

Kurita Group has established a Group-wide, cross-functional information security management system centered around the Group Chief Information Security Officer to promote information security measures. In the event of an information security incident, Kurita Group will promptly collect the relevant information, investigate the cause, minimize the damage, and strive to prevent recurrence.

Kurita Group will provide all executives and employees with information security education at least once a year to enhance security awareness and prevent incidents. This education covers the objectives and trends of information security, rules, information security incident cases, and prevention measures.