Information Security Policy

1. Purpose

K.K. Ashisuto and its subsidiaries and associated companies (hereinafter referred to as "Ashisuto Group"), in order to safely and efficiently utilize and maintain the information assets handled by Ashisuto Group, establish information security management system and provide necessary measures for both system and management aspects to protect corporate information from any kinds of threats.

2. Objective

Ashisuto Group implements measures based on the risk assessment of information security. We aim to maintain and improve standards of information security continuously.

3. Scope

This information security policy applies to all information assets of Ashisuto Group and all workers (officers, advisors, regular employees, semi-regular employees, contract employees, temporary employees and dispatched employees) who may utilize such information.
All workers of Ashisuto Group comply with this policy in order to protect information assets (confidential information supplied by customers, confidential information acquired as Ashisuto Group and confidential information about Ashisuto Group).

4. Information Security Organization

Ashisuto Group has established an Information Security Organization for maintenance and improvement of information security.

5. Classification and Management of Information Assets

Ashisuto Group classifies all information assets according to their degree of importance, and handles and manages those assets appropriately.

6. Consignee Management

When Ashisuto Group consigns all or part of our business, we require that the consignee maintain the same security levels as Ashisuto Group and conducts audits periodically.

7. Monitoring and Audits

In order to ensure that the information assets are being managed properly, Ashisuto Group performs internal monitoring periodically or when necessary to maintain and continuously improve the level of its information security.

8. Education and Training

Ashisuto Group plans and carries out on a regular basis for all workers, in accordance with their jobs, any necessary education and training regarding information security.

9. Compliance

Ashisuto Group complies with all legal requirements relating to information security, as well as any guidelines from respective ministries. Further, Ashisuto Group complies with all contractual requirements relating to information security, company regulation and internal rules, etc..

Enacted: June, 2012
Revised: October, 2018
Tatsuo Otsuka, President
K.K. Ashisuto