Information Security Policy

Basic Policy for Information Security of the Ashisuto Group

1. Information Security Organization

K.K. Ashisuto, its subsidiaries and associated companies (hereinafter referred to as "Ashisuto Group") have established an Information Security Organization for the maintenance and improvement of information security.

2. Classification and Management of Information Assets

Ashisuto Group will classify according to degree of importance, and appropriately handle and manage all information assets.

3. Handling of Personal Information

In the collection, usage, retention, and provision of any personal information, Ashisuto Group will properly manage and comply with the laws and regulations relating to protection of personal information in order to prevent unauthorized access, loss, destruction, falsification, or leakage, etc. of such information.

4. Monitoring and Audits

In order to ensure that the information assets are being managed properly, Ashisuto Group will perform internal monitoring and submit to periodic audits by a third party auditor to maintain and continuously improve the level of its information security.

5. Education and Training

Ashisuto Group will plan and carry out on a regular basis for all employees, in accordance with their jobs, any necessary education and training regarding information security.

6. Compliance

Ashisuto Group will comply with all legal requirements relating to information security such as "Corporation Law," the "Law for Prevention of Unfair Competition," the "Law Prohibiting Unauthorized Computer Access," the "Personal Information Protection Law," etc., as well as any guidelines from respective ministries. Further, Ashisuto Group will comply with all contractual requirements relating to information security.

June, 2012
Tatsuo Otsuka, President
K.K. Ashisuto