Basic Information Security Policy
To earn greater trust from our customers and society, we will protect the confidentiality, integrity, and availability of our information assets while continuing to ensure information security, which is a critical challenge to our business operations. We will achieve this initiative by incorporating measures to address risks, such as cyberattacks, including preventing the leakage and unauthorized removal of information assets from within the company, as well as preventing the unauthorized acquisition and introduction of information assets from outside the company into our daily management activities, business operations, and organizational management.
In undertaking this initiative, we outline our approach to ensuring information security as shown below. All employees and other relevant personnel shall adhere to this basic policy. They shall recognize that each individual's responsibility is to understand the importance of information security and ensure information security in their work, and then conduct daily duties accordingly.
1. Scope of application
This policy applies to all information assets related to the business activities managed by the company and to all employees and other relevant personnel who handle such assets.
2. Compliance with legal and contractual requirements
We comply with all applicable laws, government guidelines and regulations, industry standards, and contractual obligations to our business partners. In the event of any violations of laws, contracts, or security incidents related to information security, we will take prompt and appropriate action to prevent recurrence.
3. Structure for information security management
We define the roles and responsibilities for overall information security management across the company and within each organization, implementing appropriate measures to address risks.
4. Information security education and training
We will continually provide all employees with the necessary education and training to ensure they understand their social responsibility in properly managing information assets and use them appropriately.
5. Ensuring information security
We operate and maintain a risk management process related to information security, based on the assumption that information security incidents and accidents are likely to occur. This process identifies the information assets that require protection and ensures the implementation of appropriate measures for information handling, data management, organizational and human security, as well as physical and technical security, aiming to prevent the materialization of risks. We will also prepare for the materialization of risks by implementing swift initial response measures in the event of information security incidents or accidents, striving to minimize damage.
6. Continuous improvement
We will implement continuous improvement by periodically reviewing our information security management structure, roles, responsibilities, and management processes to adapt to changes in the business environment and social conditions while maintaining our information security initiatives.
Date of enactment: August 1, 2025
Takahiro Yamamoto, President & Chief Executive Officer