Basic Policy on Information Security

OPTiM Corporation (hereinafter “we/our/us”), have been developing our business with an objective to create technologies, services and business models that support customers utilizing IT. The services which we provide in our business are to make the Net as simple as breathing. Working on information security in order to provide customers with easy-to-use and secure services is one of our important missions. Thus, with an objective to achieve that mission, we decided on the Basic Policy on Information Security driving the following items, and will establish the objectives and targets of information security in accordance with the Basic Policy followed by the continuous evaluation of their accomplishments.

1. (Establishing Information Security Management System (ISMS))
With full understanding of the importance of the information assets relating to our services by all directors and staff, we establish ISMS which is organizationally and technically appropriate for protecting information assets against theft, falsification, destruction, leakage, unauthorized access etc.
2. (Information Security Management Structure)
We established the Information Security Committee as a company-wide promoting body for information security, and act aggressively to grasp the accurate status of information security throughout the company and to execute necessary countermeasures quickly.
3. (Law-observance)
We observe laws, rules, other standards and contracts applied to our information security.
4. (Protection of Information Assets)
We appropriately protect all information assets that we possess and manage by recognizing the importance from the viewpoint of confidentiality, integrity and availability, and conducting risk assessment.
5. (Enforcement of Education and Training for Information Security)
We enforce in-house education and training on information security for all directors and staff. The purpose of such training is for the staff to have recognition of the importance of information assets in order to have the Basic Policy fully understood.
6. (Handling of Security Incident)
In case of an occurrence of an incident or signs of such on information security, we find out the cause promptly, take the best measure to keep the damage to a minimum, and strive to prevent such incident with continuous improvement.
7. (Continuous Review of ISMS)
We regularly review the Basic Policy and the relevant company regulations / management system for appropriate management and operation of information assets.
Additional clause
This Basic Policy was established on November 24, 2011.
This Basic Policy was modified on May 29, 2015.

Shunji Sugaya
President, OPTiM Corporation