INFORMATION SECURITY POLICY

May 18, 2018

The Company believes that a corporation is supported by the three elements of “customers,” “interested parties including shareholders,” and “employees (including all workers involved in business of the Company).” The Company shall conduct our business based on the concept that it is important to maintain and continue corporate activities while satisfying all three of the aforementioned parties, avoiding antisocial behavior, and securing appropriate profits.

In each business field, the most important issue is to determine the kinds of services which must be provided to customers in order to obtain customer satisfaction and the business goal is to continually provide services. Accordingly, the Company recognizes that the role of security management is to prevent and control security risks, threats, etc., that interfere with the continuous provision of services.

The Company shall establish an information security policy based on this recognition. By steadily implementing information security management, we shall exist as a company that earns even greater satisfaction and trust from our customers, and shall ensure the continuous provision of our services.

1. Information security initiatives
   The Company shall establish a security management system that is led by executives and has a clarified division of responsibilities. We shall strive to improve information security in accordance with the actual conditions of advancements in information technology, development and maintenance of information systems, handling of information, etc.
   
   
2. Education and training
   In addition to raising awareness of information security among officers and employees, the Company shall implement education and training aimed at ensuring thorough awareness of information security management.
   
3. Prevention of security failure accidents and response to accidents
   The Company shall strive to prevent security failure accidents. In the unlikely event of a failure accident, we shall promptly take appropriate measures for preventing recurrence.
   
   
4. Legal compliance
   The Company shall require all employees to comply with security-related laws and internal rules regarding information security.
   
   
5. Measures against security violations
   In response to parties who violate our information security policy and internal rules regarding information security, the Company shall take measures including disciplinary action based on the prescribed rules.
   
   
6. Business and service continuity
   The Company shall formulate business continuity management procedures in advance to prepare for situations in which services or business operations are interrupted due to a serious failure, disaster, etc., maintain the procedures through training and testing, and aim for fast recovery of services which meet the expectations of customers.