Information Security Policy

About Security

We recognize the appropriate protection of information assets as an important management issue, and in order to appropriately protect important information assets held by us or received from stakeholders and external organizations from various threats, we have established a basic policy on information security and appropriately allocate necessary management resources.

1.Purpose

This Basic Policy on Information Security (hereinafter referred to as the "Basic Policy") clarifies the basic policy for the establishment of our Information Security Management System (hereinafter referred to as the "ISMS"). We will position this policy as the foundation of our ISMS from now on.

2.Scope of Application

This policy applies to all information assets handled by the Company in the course of its business activities and to all parties involved with such information assets.

3.Information Security Management System

To establish, operate, maintain, and improve the ISMS based on the Basic Policy, the Information Security Committee shall be established and a Chief Information Security Officer (hereinafter referred to as "CISO") shall be appointed. The CISO shall facilitate the implementation of the Basic Policy based on appropriate standards and implementation procedures.

4.Information Security Education

We will continuously educate all employees to improve their knowledge and awareness of information security.

5.Information Security Audits

To ensure the confidentiality, integrity, and availability of all information assets in our possession, we determine and implement risk assessment methods appropriate to our circumstances. We will work to protect information assets appropriately under our information security management system.

6.Compliance with Laws and Regulations

We comply with all laws, regulations, and other norms related to information security, including the Personal Information Protection Law, as well as contractual security requirements.