The scope of our information security measures includes information assets related to our business activities, and covers our officers and employees as defined in Article 2 of our Rules of Employment for Employees, advisors and rehired retirees as defined in Article 2 of our Rules of Employment for Advisors and Rehired Retirees, and contract employees as defined in Article 2 of our Rules of Employment for Contract Employees (collectively referred to as "Officers and Employees").

We will establish the position of Chief Information Security Officer as well as regulations and implementation procedures for information security management, and develop an information security management and operation system to identify, protect against, detect, respond to, and recover from risks to information assets under the approval and responsibility of the Chief Information Security Officer.

We require our Officers and Employees to comply with our information security management regulations in addition to laws, regulations, and contractual requirements pertaining to information security.

To prevent unauthorized access to and leakage, falsification, loss, and destruction of information assets, denial of service, and other problems, we will implement effective preventive and protective measures for information assets throughout their lifecycle at or above the level required by our clients. We will also implement appropriate management measures based on a system for detecting, responding to, and recovering from any problems that may occur.

It is our duty to educate our Officers and Employees that the proper handling of information assets is an important information security measure, and to provide necessary education and training on information security to maintain and improve information security literacy.

In order to respond properly to changes in the business environment and societal conditions, we will constantly review and continuously improve our information security management system and regulations as appropriate.