Information Security Basic Policy

About “SECURITY ACTION”

“SECURITY ACTION” is a program operated by the Information-technology Promotion Agency, Japan (IPA).
It encourages small and medium-sized enterprises to voluntarily declare their commitment to information security measures, aiming to help build a safe and secure IT society.
Our company has declared the “★★ Two-Star” level under the “SECURITY ACTION” initiative.
We will continue to make efforts to strengthen our information security measures.

Information Security Basic Policy

Shiratori Pharmaceutical Co., Ltd. (hereinafter referred to as “the Company”) is committed to protecting its information assets from threats such as failures, accidents, disasters, and crimes, and to earning the trust of customers and society by implementing the following policies company-wide.

1. Responsibility of Management

Management approves the direction of information security led by the internal framework described below, allocates necessary management resources, and supports these activities to ensure the continuous development of the organization through the protection of information assets.

2. Establishment of Internal Framework

The Company operates “s-isms” (our internal ISMS-compliant system) based on a riskbased approach. Under the leadership of the CISO (Chief Information Security Officer), the Company implements, maintains, and executes information security policies and related measures. Regular reviews are conducted to ensure continuous improvement.

3. Employee Initiatives

Employees shall comply with the basic policies stipulated in “s-isms,” internal regulations and guidelines, and information security training, thereby safeguarding the security of information assets. Each employee recognizes that they are responsible for information security and acts accordingly in daily operations.

4. Technical Measures and Education

In addition to information security training, the Company implements technical measures such as internal virtualization infrastructure, VDI, EDR, email security, wireless authentication, multi-factor authentication, IDaaS through SSO, BCP-oriented backup systems, and network segmentation to ensure the confidentiality, integrity, and availability of information assets.

5. Supply Chain Initiatives

The Company sets forth information security requirements through contracts and guidelines with business partners, encourages the adoption of technical measures, and faithfully responds to information security requirements from customers. In this way, we strive to improve the overall security level of the supply chain.

6. Compliance with Laws and Contractual Obligations

The Company complies with laws, regulations, codes, and contractual obligations related to information security. By doing so, we ensure transparency and reliability in our business and maintain trust with stakeholders.

7. Response to Violations and Incidents

In the event of violations of laws, contracts, or incidents related to information security, the Company promptly carries out the procedures stipulated in “s-isms” to prevent further damage. Recurrence prevention measures are implemented, and lessons learned are reflected in future practices.