SHIONOGI Group Information Management Policy

Management of information is one of the most important issues for SHIONOGI Group Companies in order to fulfill corporate social responsibility as a healthcare provider and continuously serve as a value providing entity to our society. This policy provides a global framework for the management of information, including proprietary information and personal information, that are created or used in the course of SHIONOGI Group’s business operations, and its Guiding Principles and Fundamentals are intended to (i) provide direction to company personnel on how to appropriately manage our information; (ii) safeguard SHIONOGI Group’s Information Asset to help SHIONOGI Group manage and reduce operational reputational and litigation risks; and (iii) help SHIONOGI Group serve as a value providing entity to our society and achieve SHIONOGI Group Heritage of “supplying the best possible medicine to protect the health and wellbeing of the patients we serve.”.

All members of SHIONOGI Group Companies are expected to abide by this policy. 

1. Create business values

SHIONOGI Group Companies place Information Asset as the fourth company-owned key asset as well as human resources, products and capital. Our Information Asset can generate values to our group and stakeholders, namely investors, customers, society and employees. At the same time, we should fully recognize risks and costs of possessing information.

Our decisions on any information-related activities should be based on assessment of both value and risk/cost in company-wide perspective to avoid partial optimization for individual organizations which hinders productivity and mitigation of risks, including compliance and security risks.

By utilizing Information Asset cross-organizationally through appropriate processes compliant with legal/regulatory requirements, we aim to create business values.

In addition, once the responsibility for retaining information has been relieved and its objective has been accomplished, it should be discarded swiftly though appropriate process.

2. Share information with stakeholders

SHIONOGI Group Companies establish system and structure to provide external stakeholders with access to our information in order to make considerations to individual’s right to know about requisite information concerning matters that may affect their lives and wellbeing, and also to address social issues such as improvement of public health collaborating with stakeholders. In order that our information may be shared or utilized with those who need, we will take all necessary steps which include compliance with ELSI/regulatory requirements and having safeguards on confidentiality of our Information Asset.

3. Hold accountability

SHIONOGI Group Companies fulfill accountability about accuracy of information and appropriateness of transmission process in order to secure and maintain stakeholders’ trust.

4. Mitigate threat

SHIONOGI Group Companies protect company profit, SHIONOGI Group’s reputation, and stakeholders’ rights by taking appropriate organizational, operational and technical measures of information security to protect against unauthorized access to, breach, alteration, loss and destruction of information, which are required by law in the jurisdictions where we operate for safe and appropriate management of information.

5. Secure business continuity

SHIONOGI Group Companies establish management system against incidents natural disasters, human errors and malicious attacks, which may cause damages to Information Asset, in order to mitigate the risk of adversely affecting stakeholders by corporate activities being suspended or stopped with restrictions on creating or using information.

6. Compliance

SHIONOGI Group Companies comply with local laws, regulations and code of ethics in order to accomplish the aims described in aforementioned clauses.

We seek to achieve the above Guiding Principles by the following fundamental activities.

1. Establish information governance structure
SHIONOGI Group Companies will develop governance structure for information management and familiarize all members of SHIONOGI Group Companies with the roles and responsibilities for information management.

2. Develop data and IT strategies
In accordance with above-mentioned governance structure, data and IT strategies at the entire group level as well as the each group company level should be developed and communicated to responsible personnel to realize effective data utilization, maximize data value or to implement necessary security measures. 

3. Manage lifecycle of information appropriately
SHIONOGI Group Companies will set standards for information handling processes, and in accordance with such standards, information should be appropriately stored, utilized, transferred and discarded.

4. Manage data quality
SHIONOGI Group Companies will set standards for data quality management, and in accordance with such standards, data quality should be assessed and controlled by designated organization or personnel in order to realize quality-assured data utilization.

5. Implement information security measures
SHIONOGI Group Companies will set standards for implementing security measures for information, and in accordance with such standards, information including personal information should be safely utilized and maintained, complying with relevant laws, regulations and guidelines.

End of document

Established on April 1, 2020

Revised on May 22, 2025