Olympus Group Information Security Policy

All our activities are based on our corporate philosophy, "Making people's lives healthier, safer and more fulfilling". Following this philosophy, The Olympus Group appropriately protects and manages all the information and our information systems we handle ("Information assets"), as well as customer information on our products and services while making proactive use of them and will continuously review and improve these activities.

1. Compliance with Laws and Regulations

We will comply with the laws, regulations, and contractual duties related to information security in all countries and regions where we operate.

2. Management and Protection of Information

We will manage and protect the information assets (customer and internal) appropriately in our business activities. We will also implement measures to prevent the inappropriate use (e.g., violation of laws and regulations related information security) of these assets detrimental to Olympus and any acts that might decrease the value of the assets, such as falsification, destruction, leakage and abuse.

3. Establishment of an Information Security Organization Structure

To ensure the appropriate management and protection of our information security related the Olympus Group business, we will establish an information security organization structure led by Chief Information Security Officer (CISO) and clarify the related responsibilities.
We will make effort to manage and establish information security under the global governance structure that should comprehensively covers Olympus every regions and functions (product, IT, data protection, and so on) initiated by CISO, and fulfill accountability to our stakeholders.

4. Establishment of Rules

We will establish the in-house rules to clarify the measures to be implemented to ensure information security. We will also revise these rules, processes and controls continuously.

5. Education

We will increase information security awareness among all affiliates and provide them with necessary education and training on information security.

6. Emergency Responses

We will work to prevent information security-related incidents. If an information security incident occurs, we will make prompt responses to it and implement measures to prevent the reoccurrence of similar problems.
We will implement countermeasures promptly, not to spread the impact of accidents, such as information sharing with authorities or information disclosure for customers.