information

SECURITY

Information Security Policy

1. Purpose
As the scale of the company grows, it is expected that its social responsibilities and roles will also become heavier. As an information distribution company trusted by customers and society, our goal is to ensure customer trust and minimize business losses by preventing security incidents related to customer information.

2. Definition of Information Security
Information security means ensuring and maintaining confidentiality, integrity and availability.
(1) Confidentiality: The property of making information unavailable or private to unauthorized individuals, entities (groups, etc.) or processes. (Protecting information from disclosure or unauthorized access.)
(2) Integrity: The property of protecting the accuracy and completeness of assets (protecting information from falsification or errors).
(3) Availability: The characteristic of being able to access and use information when requested by an authorized entity (group, etc.) (protecting information from loss or damage, system downtime, etc.).

3. Scope of application
[Organization]: JOC Network Co., Ltd.
[Facility]: Kyoto Head Office
[Work]: Software development and software management
[Assets]: Documents, data, and customer support management system related to the above business and services
[Network]: Company-wide network

4. Implementation details
(1) We will establish, implement, operate, monitor, review, maintain, and improve an information security management system to protect all applicable information assets from threats (leakage, unauthorized access, tampering, loss, and damage).
(2) Information assets will be handled in compliance with applicable laws and regulations and contractual requirements.
(3) Prevention and recovery procedures shall be established and regularly reviewed to ensure that business activities are not interrupted in the event of a major failure or disaster.
(4) Education and training on information security shall be provided periodically to all applicable employees.

5. Responsibilities, Obligations and Penalties
(1) The CEO is responsible for information security. To that end, the CEO will provide the necessary resources for the applicable staff.
(2) Staff within the scope of this policy are obligated to protect customer information.
(3) Covered staff shall follow procedures established to maintain this policy.
(4) Staff within the scope of the scope shall be responsible for reporting information security incidents and weaknesses.
(5) If any staff member within the scope of this policy engages in any conduct that endangers the protection of information assets that they handle, including but not limited to customer information, they will be disciplined in accordance with the company's work regulations.

Date: July 2, 2018
Position: President and CEO
Signature: Junzo Oishi