Basic Policy Concerning Information Security

In fulfilling its social mission of undertaking stable supply of non-ferrous metal resources and advanced materials, the JX Metals Group recognizes that confidential corporate information and personal information in its possession, including information entrusted to the Group by customers and business partners, are important resources, and has established a Basic Policy Concerning Information Security to strengthen organized and continuous information security.

1.Compliance with Laws and Regulations, and Social Responsibility
The JX Metals Group shall comply with laws and regulations related to information security, the guidelines set forth by the national government, obligations under contracts, in-house rules, etc., and foster a corporate culture that places importance on compliance management and information security.
2.Maintaining and Improving Trust from Customers and Business Partners
The JX Metals Group shall steadfastly secure information assets entrusted to it by customers and business partners.
3.Contributing to Expansion of Business Opportunities of the JX Metals Group
The JX Metals Group shall steadfastly secure information assets that could become sources of competitive advantage.

To realize this Basic Policy, the JX Metals Group shall appropriately manage and maintain information security through the following specific efforts:

1.Responsibilities of Top Management
Establish effective management structures through information security management.
2.Information Security Management
Appropriately operate and continuously improve information security management systems, led by the organizational unit supervising information security.
3.Preparation and Revision of Documentation Relating to Information Security
Stipulate information security management systems and measures in writing, thoroughly publicize them to all employees, and periodically revise them to prevent obsolescence and discrepancies.
4.Information Security Training
Conduct information security training periodically for all employees.
5.Management of Information Security Incidents
Prevent incidents concerning information security. Minimize the impact of any incidents and examine measures to prevent recurrence.