Information Security Management Policy

Established November 1, 2023

Yachiyo Engineering Co., Ltd.

In light of the world's development into an advanced information-oriented society, we consider the security of the information assets we handle as an important social responsibility. Therefore, based on our management philosophy, we have established and comply with this Information Security Management Policy as the most basic policy for implementing information security measures with the aim of ensuring the security of the most sensitive information assets we handle, and earning the trust of society and our clients.

1. Scope

The scope of our information security measures includes information assets related to our business activities, and covers our officers and employees as defined in Article 2 of our Rules of Employment for Employees, advisors and rehired retirees as defined in Article 2 of our Rules of Employment for Advisors and Rehired Retirees, and contract employees as defined in Article 2 of our Rules of Employment for Contract Employees (collectively referred to as "Officers and Employees").

2. System Development

We will establish the position of Chief Information Security Officer as well as regulations and implementation procedures for information security management, and develop an information security management and operation system to identify, protect against, detect, respond to, and recover from risks to information assets under the approval and responsibility of the Chief Information Security Officer.

3. Compliance with Laws, Regulations, and Contractual Requirements

We require our Officers and Employees to comply with our information security management regulations in addition to laws, regulations, and contractual requirements pertaining to information security.

4. Implementation of Measures

To prevent unauthorized access to and leakage, falsification, loss, and destruction of information assets, denial of service, and other problems, we will implement effective preventive and protective measures for information assets throughout their lifecycle at or above the level required by our clients. We will also implement appropriate management measures based on a system for detecting, responding to, and recovering from any problems that may occur.

5. Education

It is our duty to educate our Officers and Employees that the proper handling of information assets is an important information security measure, and to provide necessary education and training on information security to maintain and improve information security literacy.

6. Continuous Improvement

In order to respond properly to changes in the business environment and societal conditions, we will constantly review and continuously improve our information security management system and regulations as appropriate.