Basic Policy on Information Security

1. Purpose of the Information Security Policy

This “Information Security Policy” clarifies the basic policy for information security management of PRIMINS (hereinafter referred to as “the Company”). To ensure security, we will take safety measures, focusing on technical measures such as departmental access control, network control, and the introduction of security software.

2. Principle

• Information assets related to all business activities shall be clearly identified, and information security measures shall be taken according to the risks.
• The highest responsibility for the implementation of information security measures shall be borne by the management.
• Employees shall be responsible for performing their duties for security measures assigned to them.
• The information security policy and security-related documents shall be reviewed at appropriate periods and times.

3. Promotion System

To promote information security activities, an information security manager shall be appointed to establish and maintain information security management.

4. Responsibilities and Obligations of All Employees

• The operation of the policy shall be in accordance with the operational measures, and internal audits shall be conducted periodically to confirm that the policy is being complied with.
• The Information Security Manager will facilitate the implementation of the policy based on appropriate standards and implementation procedures.
• All employees are responsible for reporting incidents and identified problems in accordance with procedures established to maintain this Information Security Policy.

5. Management’s Responsibilities and Duties

Recognize the appropriate protection of information assets as an important management issue and allocate the necessary management resources. We understand and comply with agreements with customers and external parties regarding the information to be protected, and strive to make appropriate recommendations when the content of such agreements is inadequate for the mutual business objectives. We will strive to strengthen our activities related to information security company-wide by establishing a promotion system.

6. Auditing

We will conduct internal audits on a regular basis to confirm compliance with this “Basic Policy on Information Security.”

7. Risk Assessment

For information assets to be protected, threats to confidentiality, integrity, and availability are assumed, and vulnerability to these threats is assessed. Based on this assessment, we formulate and implement management measures to protect and maintain the confidentiality, integrity, and availability of each information asset.

8. Penalties

Any willful conduct that jeopardizes the protection of information assets will be subject to disciplinary/legal action.

9. Compliance with Laws, Regulations, and Internal Rules

All users of our information assets shall recognize the importance of information security and comply with the Information Security Basic Policy and Manual as well as laws and regulations related to information assets. The Information Security Manager shall be responsible for compliance with relevant laws and regulations and their dissemination.

Enacted October 1, 2020