Basic Information Security Policy

Remedy Group (hereinafter referred to as ‘the Group’), as your medicine development partner, regards the protection of all intellectual property handled during research and development process and clinical development as important corporate practice, and recognizes the development of appropriate process for information handling and safety management as important social responsibility. As a result, the Group has established “Basic Information Security Policy”. All executives and employees shall comply with this policy and handle, manage and protect information appropriately in accordance to this policy.

1. 1. The Establishment of Information Security Management System

   In order to establish the information security management system, a person-in-charge of information security will be appointed. Under the instruction of the person-in-charge of information security, process on maintaining and improving information security will be carried out. In addition, these processes will be audited in regular intervals and improvement system will be established.

2. 2. Implementation of Security Measures

   In order to protect information assets, risk assessment will be carried out. Security measures e.g. measures against information leakage, measures against unauthorized access, protection against virus, and quality assurance will be implemented.

3. 3. Review

   In light of fast-changing business environment, social environment, laws and regulations, latest trend in information technology as well as newly discovered risk, the relevance of this basic policy will be reviewed timely and improved continuously.

4. 4. Compliance with Laws, National Norms and Contractual requirements

   In addition to standards in conducting clinical trials, in order to avoid violation of laws relating information security, national norms, contractual requirements and security requirements, measures to clarify and comply all requirements will be formulated and implemented.

5. 5. Security Measures for Outsourcing Services

   With regards to outsourced operation, the Group will assess the suitability of outsourcing companies, review and improve the content of contracts from the viewpoint of confidential information and personal information protection.

6. 6. Security Breach Incident Prevention Measures & Management

   The Group works hard to prevent security breach. However, in the event of a security breach incident, appropriate measures including recurrence prevention will be carried out promptly.

7. 7. Education and Training on Information Security

   The Group provides regular education and training on information security to all employees handling information assets. The importance of information security, appropriate handling and management of information assets are also made known to all employees.

8. 8. Business Continuity Management

   The Group attempts to prevent incidents that could lead to business disruptions e.g. natural disaster, machine failures, negligence and intentional misuse of information assets and ensures business continuity.