Information Security Policy

1.Scope of the Information Security Policy
The “information assets” to which this policy applies are the information gauned by this company through its corporate activities, and as such it applies to all information and information systems possessed by this company for the purposes of its business. This policy is applicable to all of the company’s executives, regular employees, contracted employees, part-time employees, or any other type of employee involved in the handling and management of information assets; it is also applicable to the employees of cooperative companies and outsourcing vendors (hereafter referred to as “informaation users”) who handle the information assets of this company.
2.Establishment of the Information Security Structure
In order to carry out company-wide measures for information security and the protection of information assets, an Information Security Subcommittee will be formed underneath the internal control committee, with the person responsible for the administration of personal information appointed as the chairperson. In this way, we will establish a structure that can swiftly carry out the required measures.
3.Information Security Measures
We will maintain internal regulations based on this policy, and together with the disclosure of our clear policy regarding the handling of information assets, we will establish an appropriate system to prevent the leakage, loss, theft, manipulation, or destruction of information assets.
4.Education Regarding Information Security
We will regularly conduct the necessary security education and training for information users based on their work duties. In this way, we will improve knowledge and abilities regarding information security for everyone involved in the handling of information assets.
5.Maintenance of the Internal Audit System
We will maintain the internal audit system to monitor for compliance with this policy, company regulations, rules set by the Information Security Subcommittee, and etc.