Governance 4. Development of an emergency response system to address incidents The Fujifilm Group provides a one-stop report reception office to accept reports about information security incidents and cyberattacks to promptly gather information about such incidents in a centralized manner. In the event of an incident, the ICT security management organization and the information security governance organization work together, sharing tasks, to implement measures to minimize any damage. Board of Directors Report ESG Committee (Chaired by President) Report Information Security Management Structure Chief Information Security Governance Officer Chief ICT Security Officer ・ ・ Information Security Governance Organization ICT Security Management Organization FUJIFILM CERT ・ Information Security Incident Reception Office (Reporting System) Report Report Each Group company and CSIRT at each region each organization 5. Measures for supply chain security The Fujifilm Group’s activities are organized acknowledging that the scope of management is not limited to its own companies but also the entire supply chain including business partners. Cases of cyberattacks in the supply chain have been reported that actually affect the manufacture and supply of goods. Following the Japanese government’s warnings on the need to reinforce cybersecurity countermeasures, measures to address cyber risks at suppliers have been implemented. In addition to the existing measures on information security management at subcontractors, our suppliers in Japan and other countries have been instructed to carry out information security self-checks to assess the status. Responses have been received from 722 companies. This self-check has enabled us to confirm the status of information security at our suppliers. This was followed up by a clear statement of the level expected of a company in the Fujifilm Group and a request to reinforce security. We will conduct these checks regularly in the future to reduce information security risks at our suppliers. For details on information security management at our suppliers, please refer to the Fujifilm Holdings Information Security Report, "Information Security in Cooperation with Business Partners." Information Security Report https://holdings.fujifilm.com/en/sustainability/activity/governance/security 6. Closer communication with stakeholders and other relevant parties To report on Fujifilm’s activities on information security and to win stakeholders’ trust for its business operations, the Fujifilm Group publishes an Information Security Report. FUJIFILM CERT is a member of the Forum of Incident Response and Security Teams (FIRST), the international CSIRT community, and also of the Nippon CSIRT Association, the CSIRT community in Japan. This contributes to greater security and safety in cyberspace through information exchange and coordination with other CSIRTs in Japan and other countries. 43 FUJIFILM Holdings Corporation Sustainability Report 2023