Information Security Policy

1. Recognition of Information Security
   Sumitomo Corporation acknowledges the importance of ensuring information security, and wishes to further enhance the company's trustworthiness in its business operations. Therefore, Sumitomo Corporation shall implement appropriate measures including, but not limited to, the establishment and maintenance of relevant rules and guidelines so as to responsibly manage information assets on a consolidated basis globally and shall review them regularly.
2. Compliance
   Sumitomo Corporation shall comply with any applicable local, regional, national and international laws and regulations in relation to information security.
3. Management of Information Assets
   Sumitomo Corporation shall preserve confidentiality, integrity and availability through responsibly managing all information assets including personal data, and shall take all reasonable precautions in order to prevent unapproved disclosure, loss or impairment of such data.
4. Response to Information Security Incidents
   Whilst making the utmost endeavour to prevent information security incidents from occurring, in the unlikely event such an incident should occur, Sumitomo Corporation shall respond promptly to the incident and implement whatever preventive measures are necessary to avoid recurrence.
5. Awareness Education of Information Security
   Sumitomo Corporation shall regularly promote and maintain the provision of information security education including, but not limited to, further heightening the awareness of the importance of responsibly managing information assets.

1 October 2017
Sumitomo Corporation