Information Security Basic Policy

Yamazen and its group companies (hereinafter, “the Company”) recognize that its activities are formed from relationships of trust with customers. In order to provide customer-oriented goods and services at all times, the Company will implement appropriate safety measures in relation to information assets, and protect them from the risk of loss, theft or unauthorized use.
We believe that to achieve this, in addition to strengthening physical and technological security, the most important factor is for employees to have a high awareness of the importance of information asset security, and to act in ways that comply with security requirements. Accordingly, we have set out the “Information Security Basic Policy” as guidelines to implement appropriate protective measures for information assets managed by the Company.
All officers and employees of the Company understand the purpose of these guidelines, and will comply with them.

1. Definition of information security

Information security is defined as maintaining the confidentiality, completeness and availability of information.

2. Scope of application

This policy is applicable to all information managed by the Company and associated with its operational activities.

3. Appointment and duties of Chief Information Officer (CIO)

The Company appoints a Chief Information Officer (CIO). The CIO works to establish and promote a company-wide information security management system. The CIO appoints an information security manager for each divisional headquarters, regional headquarters, department, and group company. These managers work to promote the information security management system in each department.

4. Identification of risks and information security objectives

The information security manager identifies risks using methods prescribed in the management regulations. Optimal information security management measures shall be devised and implemented for the risks identified. The objective of information security shall be to reduce all risks to below the level determined acceptable.

5. Duties of all those in the Yamazen Group

All officers and employees of the Yamazen Group must act in accordance with the Information Security Basic Policy, Information Handling Ethics Manual, and regulations. In the event of a violation, the punishment regulations contained within the employment regulations will be applied.

6. Protection of personal information

The Company’s protection of personal information is based on the Personal Information Management Regulations.

7. Management of confidential information

The Company manages the confidential information of customers and its own confidential information in accordance with the Unfair Competition Prevention Act.

8. Protection of copyright

The Company protects copyrighted material in accordance with the Copyright Act.

9. Non-disclosure agreements

The Company manages information in accordance with non-disclosure agreements concluded with customers.

10. Education

This Information Security Basic Policy shall be circulated among all officers and employees, and educational and training activities shall be promoted to ensure that it is understood and acted upon by everybody.

April 1, 2017

Yamazen Corporation
President CEO