Basic Policy on Information Security

Commitment to Information Security

The Katolec Group possesses important information assets in the course of its business operations, including personal information and information related to the commercial or technical rights of its clients. If such information were to be leaked, altered, or lost, it could result in extremely serious consequences. The Company recognizes the critical importance of taking appropriate measures against these threats.
To maintain social trust and ensure business continuity, the Company has established this **Basic Policy on Information Security**. The Company is committed to complying with this policy and promoting company-wide initiatives to enhance information security.

1. Definition of “Information Assets” in Information Security

“Information Assets,” as defined in this Basic Policy on Information Security, refer to personal information held by the Company, information obtained in the course of business operations, physical media, and information systems such as computers and networks.

2. Establishment of an Information Security Management System

To protect and manage all information assets, the Company will establish regulations concerning information security measures, appoint a Chief Information Security Officer (CISO), and organize an Information Security Committee under the CISO’s responsibility. Through these efforts, the Company will build an information security management system that earns and maintains the trust of society.

3. Development of Internal Regulations Related to Information Security

The Company will develop internal regulations for the management and operation of information assets in accordance with applicable laws, regulations, and other requirements related to information security. The Company will ensure that its strict commitment to legal compliance is thoroughly communicated to executives, employees, and contractors.
Furthermore, this Basic Policy and related internal regulations will be reviewed on an ongoing basis to ensure that appropriate security levels are consistently maintained.

4. Building Systems to Ensure Information Security

The Company will establish and operate systems that incorporate sufficient information security measures to prevent unauthorized access, leakage, alteration, loss, destruction, or disruption of information assets.

5. Implementation of Information Security Education

The Company will provide education on information security measures to executives, employees, and temporary staff to ensure a thorough understanding of internal regulations related to information security. All personnel must perform their duties with this awareness.
Only individuals who have completed the required training will be permitted to access information assets.

6. Strengthening Management of Outsourcing Partners

When outsourcing work to external contractors, the Company will assess the security levels of prospective contractors and enter into contracts that include confidentiality obligations.
Additionally, the Company will periodically investigate the actual information security practices of contractors to ensure that appropriate security levels are maintained.

7. Audits

The Company will conduct planned internal audits to verify compliance with laws, regulations, and internal rules related to information security. These audits will confirm whether this Basic Policy and internal regulations are being properly observed.