Risk Management

Basic Approach

The Isuzu Group strengthens preventive measures to address various risks surrounding its business and to prevent these risks from materializing into significant incidents. In the event that an incident does occur, we are committed to responding promptly and appropriately to prevent its escalation or worsening.

Management Structure

Isuzu is building its risk management system under the leadership of the Group Chief Risk Management Officer (CRMO). As part of this, we regularly hold Risk Management Review Meetings with risk management personnel from Isuzu's business execution divisions and key Group companies. These meetings monitor the progress of preventive measures and the status of incident responses, and direct enhancements to these initiatives.
Furthermore, we provide regular reports to the Management Meeting and the Board of Directors, where the Board supervises and evaluates the Group-wide risk management activities.

Response to Incident Occurrences

At Isuzu and its Group companies, incidents are comprehensively and promptly reported to the Risk Management Dept., while swift actions are taken to resolve them in order to prevent escalation or further severity. In cases where there is a potential for a major crisis, a response team is formed by members appointed by the Group CRMO, and they determine and implement various response policies to ensure thorough crisis management and minimize impact.
In the event of an incident that affects business operations or requires urgent attention, the Group CRMO promptly reports to the executive management, where they deliberate and decide on the appropriate course of action.
The Risk Management Dept. also verifies the effectiveness of recurrence prevention measures taken by the divisions or companies where the incident occurred, and ensures that incidents are shared within the Group to reinforce recurrence prevention across the entire organization.

Preventive Measures

Within the Isuzu Group, risks that could affect the business activities of Isuzu and its Group companies are comprehensively identified, analyzed, and evaluated. Risks that could have a significant impact on management as a Group are selected as Group Priority Risks. Based on this, Isuzu and its Group companies formulate risk response plans focused on these Group Priority Risks and implement preventive measures accordingly.

Group Priority Risk Determination Process

At the Isuzu Group, Group Priority Risks are established across four categories of risks that could significantly impact management: Business/Medium-Term Plan Risks, Strategic Risks, Operational Risks, and Hazard Risks. These Group Priority Risks are formulated annually at the beginning of the fiscal year, and are reviewed every six months based on internal and external environmental changes, as well as the status of incident occurrences.

*Please refer to the Business Risks section of the Annual Securities Report, which is compiled based on these priority risks.

Information Security

Isuzu established the Group Information Security Policy under the leadership of the Group Chief Risk Management Officer (CRMO) and is developing, implementing, and providing training on a comprehensive information security management system and related regulations across Isuzu and its Group companies.

Management Structure

In the Isuzu Group, each division within Isuzu and each Group company appoints a person responsible for information security management. Based on the Information Security Governance Rules, they formulate annual action plans to reduce information security risks and implement various measures accordingly. The Group CRMO regularly convenes the Information Security Management Meeting to review the progress of measures undertaken by each division and Group company, consolidate any challenges, and provide instructions to strengthen information security efforts. Additionally, the Group CRMO works to maintain and improve information security management. The content discussed in the Information Security Executive Committee is regularly reported to the Management Meeting and the Board of Directors, ensuring the effectiveness of the Group's information security activities.

Information Security Management Operations

In addition to general information security regulations, Isuzu has established and is enforcing various cybersecurity rules across products, plants, IT systems, and the supply chain.
We participate in J-Auto-ISAC*, an organization that collects and analyzes information related to automotive cybersecurity. Through this participation, we gather information on security incidents detected within the industry and have established and are operating a system for the development and manufacturing of vehicles with cybersecurity considerations in place.
These activities are conducted in reference to the Cybersecurity Management Guidelines issued by the Ministry of Economy, Trade and Industry, international regulations such as UN-R155 adopted by the World Forum for Harmonization of Vehicle Regulations (WP.29) under the United Nations Economic Commission for Europe, as well as international standards including ISO 21434, ISO 27001, and NIST SP800-171.

*J-Auto-ISAC: Japan Automotive ISAC, a Japanese automotive cybersecurity organization.

Information Security Training

Isuzu prepares and continuously conducts information security training for all employees and information security managers of Group companies. This ensures that information security regulations and related rules are well understood and firmly established. Additionally, as a preventive measure, we regularly conduct targeted email attack training to prevent virus infections or data breaches caused by opening or clicking on suspicious emails.

Response to Information Security Incidents

In the event of an information security incident within Isuzu and its Group companies, we respond promptly under the direction of the Group CRMO and in coordination with relevant divisions and companies, following the incident management rules, to prevent the incident from escalating or becoming more severe.
We also monitor the implementation of recurrence prevention measures and ensure that these measures are shared across Isuzu and its Group companies, reinforcing prevention efforts throughout the entire group.

Efforts Toward Personal Data Protection

At Isuzu and its Group companies, we comply with personal data protection laws in each country and have established and implemented rules and regulations to handle customer and business partner information appropriately.