Information Security Basic Policy

5J6A8025 (Copy)

Information Security Basic Policy

1. Purpose of information security
We consider that it is a social responsibility as a company to properly handle and protect information assets.
Therefore, in view of the importance of information security, we aim to manage and operate information security by preventing loss, theft, unauthorized use, falsification and leakage of all information assets related to operations. .

2. Information Security Definitions
Information security is defined as maintaining the confidentiality, integrity, and availability of information assets.
(1) Information assets are information owned by customers and our company. The scope of information
includes all forms of audio, text, images and video, not only in software, electronic devices that are hardware, and media that exist in information systems .
(2) Confidentiality of information assets means that only information assets with the authority to refer can be referred to, and those without the authority to refer can not be referred to.
(3) Completeness of information assets means maintaining information assets accurately and completely.
(4) The availability of information assets is to be used while maintaining authenticity, reliability, and usage trails in the manner prescribed when the information assets are required.

3. Scope Applies to
all business operations of the Company and all executives, employees and employees of partner companies.

4. Organizational Structure
of Information Security To establish information security, we will establish an organizational structure.
(1) The Information Security Committee will be established as the top decision-making body for information security issues. The Chief Executive Officer of the Information Security Committee will be responsible for this.
(2) Establish a management system for information security, and establish an information security manager in charge of implementation, operation, monitoring, review, and improvement. The information security officer is appointed by the information security committee.
(3) In order to properly manage and operate information security in each department, an information security officer is appointed in each department. The information security officer is appointed by the information security officer, who is appointed by the information security committee.

(4) The information security auditor will be appointed as the person in charge of monitoring that information security is properly realized, managed and operated, and the review is carried out when improvement is necessary. The Information Security Auditor is appointed by the Information Security Committee.

5. Operation Management
of Information Security In order to maintain appropriate management of information security, we operate and manage information assets as follows.
(1) The authority over information assets gives the necessary authority only to persons required for business.
(2) Information assets are managed reasonably and appropriately in accordance with the law and contracts.
(3) Continuously monitor that information assets are properly managed.
(4) All executives, employees and employees of partner companies of the Company shall regularly receive information security education.
(5) In the event of an information security incident, or in the case of encountering a threat with the possibility of an accident, we will respond promptly to maintain business continuity and analyze the situation and causes. Take preventive measures as necessary.

6. Personal Information Protection In
order to properly handle and protect personal information, we operate and manage personal information as follows.
(1) We will acquire, use, and provide personal information within the scope and period necessary for the purpose of using it for business and for employment of employees, and for performing specified business in personnel management.
(2) For personal information, we will take reasonable security measures and continuously maintain and improve them in accordance with the guidelines and standards of the law and relevant ministries and agencies.
(3) We will respond promptly and in good faith to complaints, corrections, disclosures, etc. regarding personal information.

7. Publicity
This policy will be familiar to all executives, employees and employees of partner companies. If you violate this policy and information security related regulations, disciplinary action will be applied in accordance with the employment rules or contract.

8. Maintenance
We review and maintain the information security policy each year or as needed.