Risk management
Our Approach to Risk Management
TOYO Corporation Group recognizes that robust, effective risk management is essential to establishing a sound governance foundation and enhancing long-term corporate value. We define risk as any uncertainty that may influence the execution of our business activities or the achievement of our strategies.
We identify, assess, and manage material risks to prevent their occurrence, mitigate potential impacts, and ensure they are appropriately reflected in strategic and managerial decision-making. We also conduct ongoing reviews of our risk management framework to ensure alignment with changes in our operating environment and evolving stakeholder expectations.
Risk Management Framework
At TOYO Corporation, the President & CEO serves as the Chief Risk Officer (CRO). The Risk & Compliance Committee, chaired by the executive officer responsible for risk management, oversees risk management activities across the Group.
The Committee establishes risk management frameworks for potential risks, reviews response policies should risks materialize, and monitors the status and effectiveness of mitigation measures.
In addition, the Committee conducts an annual assessment of the progress and effectiveness of risk management and reports its findings to the Board of Directors, ensuring strong governance oversight.
Managing Information Security Risks
Information security is considered a key material issue for maintaining stable and reliable business operations. To safeguard customers’ confidential information, personal data, and our information assets, we have established the Information Security Policy and continuously work to maintain and enhance our information security capabilities.
Information Security Policy
1. Establishment and continuous improvement of the information security management system
In order to ensure the secure management of information assets, we establish and operate an information security management system, supervise the operation status, and continuously maintain and improve the system.
In order to ensure that the information security management system contributes to corporate management, we set information security targets and promote activities to achieve them.
2. Compliance with legal regulations and contractual requirements
We comply with the laws and regulations concerning information assets, as well as with the requirements of contracts concluded with customers and external stakeholders.
3. Protection of information assets and continuous risk management
We conduct ongoing risk management, identify and evaluate information security risks that may affect our business in handling information assets, implement appropriate measures based on risk acceptance standards, and strive to protect information assets properly.
4. Implementation of educational training
We continuously provide educational training on information security to all the personnel engaged in our business in order to make them aware of the importance of information security and to ensure proper use and management of information assets.
5. Safe operations
In the event of an incident related to information security, we take emergency measures as necessary based on a timely report of the incident to minimize damage, analyze the cause of the incident, and take appropriate measures to prevent any recurrence.
6. Formulation of a business continuity plan
We minimize the impact of disasters and other events on our business activities, formulate a business continuity plan for recovery, and strive to continue our business in the event of an emergency.
Information Security Governance
A Chief Information Security Officer (CISO) oversees all information assets, supported by a dedicated department that develops and promotes company-wide policies and systems for information asset management. In addition, each department head serves as an Information Management Manager, ensuring compliance with information security requirements within their area. To address key information security matters, TOYO Corporation has established the Information Systems Committee. The Committee formulates policies and plans, and implements initiatives related to information security management.
We continue to strengthen security measures, including initiatives to prevent information leakage and safeguard against cyberattacks.
Information Security Training
To enhance our information security standards, TOYO Corporation conducts quarterly training for all employees, including temporary staff. We also perform simulated targeted email attack exercises to improve employees’ ability to identify and respond to phishing attempts.
In 2025, 100% of eligible employees completed the security training.
Ensuring the Reliability of Financial Reporting
TOYO Corporation evaluates the framework and operation of our internal controls annually in accordance with the internal control reporting requirements (J-SOX) under the Financial Instruments and Exchange Act to ensure the reliability of financial reporting.

