Basic Policy on Information Security

The A&A Material Group (the "Group") recognizes that ensuring the security of information assets is an important management task and a serious social responsibility.
In order to maintain management activities in a stable manner, the Group has established this "Basic Policy on Information Security" and all executives and employees must comply with this basic policy, and strive for appropriate handling, protection and management of the information assets of the Group.

• 1.
  The Group will always comply with laws on information security and other social norms.
• 2.
  The Group will prescribe management methods, administrators, handling standards, etc. for information assets, and will protect information security.
• 3.
  The Group will take appropriate security measures to protect information assets from destruction, loss, theft, leakage, misuse, faults, disasters or incorrect processing.
• 4.
  In the event that a security accident occurs regarding information assets, the Group will take measures to minimize the damage, promptly investigate the cause and work to prevent recurrence.
• 5.
  The Group will educate and train all executives and employees about information security and strive to thoroughly disseminate information security.
• 6.
  The Group regularly conducts evaluations and reviews of the information security basic policy and related regulations and management systems to continuously improve information security.