1. Objective/Purpose
The Group recognizes that information related to our business is an important asset. We appropriately manage and protect information assets in accordance with this information security policy (hereinafter, “the Policy”) in order to ensure information security. The Policy applies to everything recognized as the Group’s information assets.

2. Definition of information security
Information security means ensuring and maintaining confidentiality, integrity, and availability as defined below.
Confidentiality：Prevent information from being leaked to the outside, information systems from being infiltrated, etc. Ensure that only authorized persons can access the information.
Integrity：Ensure the accuracy and completeness of information and processing methods.
Availability：Allow authorized users to access information assets when needed. Furthermore, the term “information assets” as used in the Policy is a general term that encompasses all electronic information, non-electronic information, and memory information related to business that is held by the company, and all hardware, software, networks, etc., used in the creation, storage, transmission, collection, etc., of that information held by the company, regardless of the recording medium.

3. Management and maintenance of information system
The Group continuously improves the information systems that form the basis of our business. We also build backup systems to ensure fast recovery for business continuity without any hindrances, even if the functions of the main information systems are damaged due to a disaster or accident.

4. Compliance
The Group complies with various laws/regulations and internal rules regarding the handling of information. We faithfully enforce contractual confidentiality obligations for contract employees and outsourced companies. Moreover, we act in accordance with work regulations to strictly respond to violations of information confidentiality.

5. Construction and operation of information security system
The Group has prepared relevant internal rules and operation manuals based on the Policy. These rules and manuals provide clear instructions on the handling of information assets in general. Furthermore, in order to ensure information security, we construct the required systems and document applicable rules to enable appropriate behavior during routine work and appropriate response in the event of an emergency.

6. Education and training
The Group provides the appropriate education and training necessary to promote understanding of information security, with the goal of heightening awareness toward information security.

7. Continuous improvement of information security
The Group constantly evaluates the status of information security and continuously reviews the relevant internal rules and operation manuals in order to respond to changes in legal systems and social conditions surrounding information security. We will strive to maintain best information security.