ES-CON JAPAN Ltd. (hereinafter the “Company”) recognizes the protection of information assets such as personal information owned by the Company from the threat of leakage, loss, falsification, disappearance, etc. as an important issue in management and has established the basic policy related to information security to make such efforts throughout the Company.

The Company established a safe information security management system by making all executives and employees (including temporary workers) using the information assets owned by the Company understand the Basic Policy on Information Security, comply with laws and regulations concerning information security and other norms and appropriately protect information assets.

The Company shall assign personnel responsible for controlling information security to accurately grasp the status of information security control and make it function continuously and effectively.

Based on the Basic Policy on Information Security, the Company shall develop the internal rules concerning handling of information assets and make sure that all executives and employees are informed about a clear policy.

The Company complies with real estate-related laws and regulations, the Personal Information Protection Act, laws and regulations concerning information security and other norms, guidelines, internal rules, etc.

The Company shall establish a system to understand, distinguish and evaluate the risks on information assets and realize an appropriate management system in accordance with the purpose of use and importance of information assets.

The Company secures confidentially, integrity and availability of information assets by implementing reasonable information security measures against specific threats and making efforts in safe control of information assets.

The Company provides education on security to all officers and employees to make sure that the obligations of all officers and employees concerning the protection of information assets are informed and to maintain and improve the security level for protecting information assets.

In the case of an information security accident, the Company strives to promptly handle the accident and prevent the spread of the disaster as well as prevent the recurrence of such accidents.

In the case of a violation of the basic policy on information security, the Company shall make sure that everyone inside and outside the Company take it seriously.

The Company intends to improve effectiveness and reliability of information security by developing a periodic self-inspection system and conducting daily monitoring of the management and operational status of information security.