Information Security Basic Policy

Cyber Defense Institute, Inc. (hereinafter referred to as "the Company") recognizes the assurance of information security as a key management priority. We are committed to protecting both the information assets entrusted to us by our clients and business partners, as well as our own, from threats such as cyberattacks. By providing secure products, systems, and services, we aim to create social value—namely safety, security, fairness, and efficiency—and contribute to the realization of a sustainable society in which everyone can fully express their humanity.

This policy applies to all information assets handled in the course of our business activities. We identify and quantify threats and vulnerabilities to the confidentiality, integrity, and availability of these assets and implement ongoing risk management practices to ensure their security.

To fulfill our contractual and legal obligations and to manage risks inherent in business operations, we hereby declare the establishment, implementation, maintenance, and continuous improvement of an Information Security Management System (ISMS).

Recognizing Information Security as a Management Priority

We recognize information security as one of the most critical management issues. Accordingly, we consider investment in information security a vital corporate responsibility. Senior management will identify risks, set appropriate information security objectives, allocate necessary management resources, and continuously monitor, improve, and correct our initiatives.

Formulating and Declaring Management Policies

Should an information security incident occur, we will act in accordance with our business continuity plan to minimize damage and promptly restore operations. We will also investigate the root cause and implement measures to prevent recurrence.

Establishing Internal and External Structures and Implementing Measures

• A CSIRT (Computer Security Incident Response Team) is established under the President to handle incidents and related matters.
• We will establish a comprehensive information security management structure, manage information assets appropriately, and implement internal regulations in accordance with this basic policy.
• We will implement appropriate human, physical, technical, and organizational measures to prevent incidents such as unauthorized access, leakage, tampering, loss, theft, destruction, or service disruption.
• To help solve societal issues, we actively recruit and support professionals with advanced expertise in information security. We also provide ongoing awareness and role-based training for all executives and employees.

Promoting Secure Services in Society

We strive to provide secure and reliable services to our clients, considering information security and privacy across all aspects of their business, and to contribute to the broader dissemination of such services throughout society.

Compliance with Laws, Regulations, and Contractual Requirements

• We comply with all applicable laws, contractual obligations, and the ISMS standard JIS Q 27001:2023 related to information security.
• We manage information appropriately in accordance with confidentiality agreements with our clients.

Disciplinary Measures for Violations

All employees must act in accordance with our information security policies. Any violations will be subject to disciplinary action.

Date: April 9, 2024
Signed: Cyber Defense Institute, Inc.
Chief Information Security Officer: Kenichi Kashima