COMPLIANCE

Thoroughly ensuring high ethics and law-abiding spirit prevents misconducts. In the event of misconduct, the TOSHIBA TEC Group takes proper and prompt action.

Risk Compliance Management

The TOSHIBA TEC Group appoints each president and CEO as a CRO*1 in order to propagate and thoroughly implement the "TOSHIBA TEC Group Standards Of Conduct" while promoting the measures of Risk Compliance Management. Top management exercises the initiative to devise and promote various measures, as well as take actions involving emergency situations.

Appointing the CRO as a chairperson, TOSHIBA TEC Corporation organizes the Risk Compliance Committee*2, to maintain a Group-wide structure, devise and promote measures toward the advancement of Risk Compliance as well as TOSHIBA TEC easures.

A system, which encourages every employee to actively and directly report and provide risk compliance-related issues to the "CRO" or "outside attorneys," is introduced and implemented. A whistleblower system "TOSHIBA TEC Partner Hotline" for suppliers is also set up to encourage suppliers to report such matters on the TOSHIBA TEC website.

1. *1 CRO: Chief Risk-Compliance Management Officer
2. *2 Risk Compliance Committee: It devises corporatewide measures and controls measures regarding Risk Compliance, reinforces and promotes maintenance of the Risk Compliance Structure.

Risk Compliance Management System

Compliance Education

To thoroughly ensure a law-abiding spirit and awareness toward compliance, the TOSHIBA TEC Group periodically provides various educational seminars to employees. Employees who work outside Japan also receive education to manage global business expansion. For the Group companies outside Japan, compliance education reflecting regional characteristics is provided.

In addition, seminars regarding "information security," "protection of personal data," "export control program" and "environmental education" are provided to each employee.

Page Top

Information Security

1) Information Security

TOSHIBA TEC Corporation reviews its internal rules concerning information security and continues improvements in self-audits among each division, in response to changes in the social environment.

e-Learning is used to learn rules to prevent accidents and ensure information security while handling information. Education is provided to directors, employees, employees dispatched from cooperation companies. In 2008, TOSHIBA TEC Corporation made efforts to reinforce security, such as establishing the standard of treatment regarding "Information Requiring Tight Control."

Similar measures are taken at each TOSHIBA TEC Group company, thus, the Group makes a concerted effort to maintain and improve information security.

2) Information Security Measures

A firewall has been set up between the Internet and the corporate intranet, to prevent unauthorized access from the Internet into the corporate intranet, as well as to protect information leaks.

All possible measures are taken to ensure client computers receive updates of viruses by incorporating anti-virus software, to prevent virus infections.

The server is housed in a safe data center, to manage important information and information systems, and take anti-risk measures including disasters. Furthermore, by limiting available information, controlling usage of records and encrypting confidential information including personal data, security is enhanced.

Page Top

Security Export Control

Policy regarding Export Control

Recently, the nonproliferation of weapons of mass destruction and conventional weapons in countries, regions or to terrorists, which threaten security, is a critical issue in an international society.

The TOSHIBA TEC Group maintains a basic policy, it will not engage in any transaction, which could potentially undermine international peace and security. Under this basic policy, the TOSHIBA TEC Group complies with all applicable export control laws and regulations in countries and regions where it operates (the Foreign Exchange and Foreign Trade Control Law in Japan). The Group also complies with U.S. export control laws and regulations with respect to transactions involving U.S. origin cargos and technologies.

Based on this basic policy the TOSHIBA TEC Group has established the "Export Control Program" and built an export control system, while carrying out strict export control.

Export Control System

In TOSHIBA TEC Corporation's export control system, the representative director is assigned to a chief export control officer, and the Corporate Export Control Group, which controls general operations of the TOSHIBA TEC Export Control Program is allocated under the chief export control officer. General managers of business groups and corporate staff divisions conduct export control as export control management officers.

Under this system, the following items are implemented to realize strict export control.

• Cargo/technology relevance judgment
• Transaction screenings
• Export control audits
• Export control education
• Guidance and support for supervised group companies

Page Top

Protection of Personal Data

The TOSHIBA TEC Group provides a variety of in-house specifications, which define the management system and proper handling of personal data to comply with all applicable laws and regulations, as well as to take all possible measures to prevent personal data leaks. The Group also strives to thoroughly protect personal data, while providing education to employees and improving measures to physically control portable electronic devices.

In particular, "Privacy Policy" is posted on the website, along with the "Personal Data Protection Program" which defines the handling of personal data and in-house management structure.

In addition, handbooks are distributed to all employees giving clear explanations of this program, while education is provided to allow employees to enhance their sensitivity for protecting personal data. Thus, every employee is required to thoroughly protect personal data within the realm of expanding business activities.