Information Security Policy

As a member of society, Ad-Sol Nissin strives to create and provide high-value-added services that meet the needs of our clients through our IT solutions business. We challenge ourselves to constantly innovate, while complying with laws, regulations, and social norms, emphasizing fairness and a high level of transparency. In our corporate activities, we utilize information assets that are unique to our company, and are also entrusted with various information assets by our clients. We recognize that measures to secure and protect these information assets are a social mission of the Company and an important management issue related to our survival.
We establish, operate, maintain, and continuously improve our information security management system (hereinafter, "ISMS") as a mechanism for preventing the occurrence of issues related to information security and appropriately protecting information assets and information. Furthermore, in developing and promoting the ISMS, the Information Security Committee has been established to deliberate and approve important matters related to the establishment, implementation, operation, monitoring, review, maintenance, and improvement of the system. We aim to ensure the unwavering satisfaction, trust, and safety of our clients, and enhance our corporate value through continuous and stable business activities.

1. Definition of information security
   Information security is defined as maintaining the confidentiality, integrity, and availability of information.
2. Scope of application
   This applies to all of the Company's organizations and operations.
3. Responsibility and authority related to the ISMS
   The Company defines and promotes the roles and responsibilities of our information security managers and the ISMS. Persons engaged in our business are obliged to cooperate with the promotion of the ISMS.
4. Risk identification and control measures
   Risks are identified in a manner determined by the Company, and risk responses are implemented below the defined acceptable level while selecting management objectives and control measures.
5. Compliance
   We shall conduct our business in compliance with the laws, regulations, and contractual requirements of our business. This also includes the Rules of Employment and Code of Conduct.
6. Thorough security education, training, and awareness training
   To raise awareness of the importance of information security, we regularly conduct security education, training, and awareness training for all employees. We require prompt reporting of any incidents related to information security by those who discover them, including the possibility of their occurrence.
7. Business continuity management
   We shall ensure business continuity against threats such as serious accidents, including disasters. Business continuity plans shall be developed, maintained, regularly trained, and reviewed based on the results of such training.
8. Obligations and penalties
   All employees of the Company shall act in accordance with the relevant ISMS documents to maintain the Information Security Policy. The penalties for any violations shall be clearly stated.
9. Review
   We shall maintain risk at an acceptable level by monitoring, regularly reviewing, and continuously improving this Information Security Policy and the ISMS overall.

September 1, 2022
Ad-Sol Nissin Corporation
President & COO Toshiaki Shinozaki