Basic Policy on Information Security

Our business is based on relationships of trust with our customers. In order for us to win the trust of our customers and provide better services, we must implement appropriate safety measures for informational assets and protect them from loss, theft, and unauthorized use. For such purpose, it is most important for our employees to be highly conscience of security and to act with respect for security, as well as to strengthen physical and technical security.

The Basic Policy on Information Security is hereby established as the guidelines for implementing appropriate protection measures for the informational assets retained by us. This policy is prepared by our President and is published and notified to all employees. This policy is reviewed at the time of the management review or if there is any change that may affect it. All employees, including the Board of Directors, will understand this purpose and fully understand and comply with the contents of our Basic Policy on Information Security.

Definition of Information Security

Information security is defined as maintaining the confidentiality, integrity, and availability of information.

Scope of Application

This policy covers information relating to all business activities under our control.

Information Security Organization and its Obligations

We establish the Information Security Promotion Committee. The Information Security Promotion Committee shall appoint its members from representatives from each division. The appointed members of the Information Security Promotion Committee shall implement protection measures including prevention and correction from unauthorized leakage, loss, intrusion, alteration, destruction, and obstruction of use of the informational assets.

Information Security Measures

We take appropriate information security measures depending on the information that is handled.

Obligations of Employees

All employees, including part-time and temporary employees, shall act in accordance with the Basic Policy on Information Security and the Rules for Information Security Management. If a violation occurs, the penalty stipulated in the Work Rules shall apply.

Identification of Information and Measures

We identify trade secrets and personal information. Appropriate information security measures shall be taken for the protection of identified information.

Efforts to Comply with Laws and Regulations

We shall continuously manage our business activities so that we can act in compliance with laws and regulations in all of our business activities.

Protection of Personal Information

We shall manage personal information in accordance with the Act on the Protection of Personal Information. Appropriate collection, use, and provision of personal information shall be implemented in light of the nature and scale of our business.

Management of Confidential Information

We shall manage our confidential information and confidential information of customers in accordance with the Unfair Competition Prevention Law.

Copyright Protection

We shall manage and handle copyrighted works in accordance with the Copyright Law.

Promotion of Information Security

Our information security shall be audited and continuously improved.

Education

Information security education and training shall be promoted by the Information Security Promotion Committee under the direction of the Board of Directors.

Security Obligations to Customers

We shall comply with any security requirements, if any, from the customer.

Management of Outsourcing

When outsourcing, we outsource services only to an entity that is able to maintain the security level required by us following our verification of its eligibility for information security management. In addition, we shall manage and monitor the information security management of the outsourcee in order to appropriately maintain the security level thereof.

Established on January 8, 2005
Revised on August 23, 2006
LEAD CREATE Inc.
Yoshikazu Akatsuka, Chief Executive Officer