We engage in risk management based on thepolicies outlined in our Risk ManagementRegulations, which detail risk prevention measuresfor incidents with the potential to interrupt businessoperations and appropriate responses in the eventa risk incident occurs. The Risk ManagementCommittee, which is chaired by the President,serves as the entity in charge of risk management.This Committee holds regular monthly meetings, oras necessary in cases of an emergency, to monitorthe status of risk management structure creationand reports on risk management activities receivedfrom business divisions. At least once every threemonths, the Committee issues reports to the Boardof Directors on the status of risk management butissues a report immediately in the event of a seriousincident.Divisions work to ascertain, analyze, and assesslatent risks in order to prevent risks before theyoccur. In accordance with Division RiskManagement Parameters, we set a baseline amountcalculated by multiplying ordinary profit plan figuresby a specific coefficient. Any risks with anestimated impact exceeding the calculated amountare reported to the Risk Management Committee.

AS ONE has over 4,000 suppliers, 4,700 dealers, anda customer base of researchers comprised of AXELmembers and ocean users who rely on the timelyorder processing and shipment of the more than 6.3million products we offer. To fulfill our commitment asa hub for research and medical supplies, we take fulladvantage of various IT systems. We also possessmassive information assets ranging from digitalinformation such as our product and price masterdatabases to analog confidential information. Werecognize that stable IT systems and the protectionand management of our information assets arecritical management issues.We implement information security measures basedon our Information Security Regulations and ourInformation Security Response Standards. Recentmeasures include adopting thin-client terminals for allemployees as part of our telecommutinginfrastructure development, the dispersal of ourservers and establishment of redundantcommunication routes, and the implementation ofmultiple redundancies to protect againstcyberattacks. We also are enhancing employeeenlightenment activities. Moving forward, we willcontinue to strengthen our security based on anassumption of zero trust (nowhere is safe).