INFORMATION SECURITY

Basic Policy on Information Security

Basic Principle

Internet Research Institute, Inc. (hereinafter referred to as the “Company”) practices a philosophy of striving to become a leading company in Internet technology in the age of IoT while significantly contributing to the abundant and sound development of the information society.
To better provide its various Internet technology services in a continuous and expanding manner under this philosophy, it will be vital to safeguard the security of the information assets of the Company and its customers by protecting those assets, making them available to its customers when appropriate, and ensuring that they remain accurate and in line with laws and ordinances.
The Company recognizes that the quality of this information security is a foundation for all of the services it provides. The Company shall establish a basic policy on information security covering any and all matters relating to the information that the officers and employees of the Company, officers and employees of the Company’s business partners, and others handle in the course of business operations, as well as all facilities used to process that information (hereinafter referred to as the “Information Assets”). All relevant persons shall be familiar with and comply with this basic policy on information security.

Information Protection

The Company shall protect all information on business activities and always take the optimal information security measures.
In particular, the Company shall position its customer information management system relating to the Company’s Internet technology services, personal information, information on client companies, and information on know-how as the Company’s most important information, and shall make efforts to ensure information security.
In addition, the Company shall take appropriate steps to raise awareness on information security, including activities to enlighten and educate all of its officers and employees involved in the Company’s business operations on information security and related matters.

System

The Company shall establish an information security committee and an information security chairman as a managing supervisor of the committee, in order to promote the protection of the Information Assets.

Risk Assessment

The Company shall implement risk assessments in an effort to take appropriate information security measures according to risks. In addition, with regard to risks assessed to be likely to affect the most important information, the Company shall put a top priority on countermeasures against them.

Conformity

The Company shall set forth a variety of regulations on the management and use of the Information Assets held by the Company in order to ensure information security. These regulations shall reflect the requirements under business, laws and ordinances and regulations, and information security obligations pursuant to agreements.

Continuous Improvement

The Company shall establish, implement, and maintain information security measures and implement continuous improvements by conducting regular reviews.

June 2018
Internet Research Institute, Inc.