Information Security Policy

The Company shall designate a responsible person for information security who oversees the Company’s overall security efforts. The Company shall also clarify its information security management structure to continuously monitor its security posture and take prompt action when necessary.

The Company shall implement appropriate organizational and technical measures to ensure the confidentiality, integrity, and availability of its information assets.

The Company shall comply with applicable laws, regulations, and contractual obligations related to information security.

In the event of legal violations, contractual breaches, or incidents involving information security, the Company shall respond appropriately and work to prevent recurrence.

The Company shall provide thorough information security education and training to executives and employees to ensure that all individuals involved with the Company’s information assets have adequate security literacy. Education and training will be conducted on an ongoing basis to adapt to evolving conditions.

When entering into outsourcing agreements, the Company shall evaluate the qualifications of the contractors and require them to maintain a level of security equivalent to or higher than that of the Company. The Company will also continuously monitor these contractors to ensure appropriate security levels are maintained.

The Company shall regularly review and continuously improve this basic policy in response to changes in the business environment, laws and regulations, organizational structure, and developments in information technology.