SECURITY
Information Security Policy
1. Purpose
TREASURY CO. (HEREINAFTER REFERRED TO AS "TREASURY") USES A LARGE AMOUNT OF INFORMATION ASSETS IN THE COURSE OF ITS CLOUD SERVICE BUSINESS AND EMPLOYEE MANAGEMENT (HEREINAFTER REFERRED TO AS "BUSINESS"), AND THEREFORE, TREASURY RECOGNIZES THAT THE APPROPRIATE IMPLEMENTATION OF INFORMATION SECURITY AND EFFORTS TO PROTECT INFORMATION ASSETS ARE ESSENTIAL REQUIREMENTS FOR PROMOTING CORPORATE ACTIVITIES BASED ON THE TRUST OF SOCIETY, AS WELL AS A SERIOUS SOCIAL RESPONSIBILITY. WE ALSO RECOGNIZE THAT IT IS AN IMPORTANT SOCIAL RESPONSIBILITY.
Therefore, in light of the importance of information security, we have established this Information Security Policy (hereinafter referred to as the "Policy") and will establish, implement, maintain, and improve an information security management system to specifically implement the Policy.
2. Definition of Information Security
Information security is defined as maintaining confidentiality, integrity and availability.
(1) Confidentiality
It means that information assets are protected from unauthorized access, etc., and are not leaked to those not authorized to reference them.
(Characteristics that do not allow the information to be used or disclosed to unauthorized persons, entities or processes)
(2) Integrity
It means that information assets are protected from tampering and mistakes and are maintained accurately and completely.
(Accuracy & completeness properties)
(3) Availability
It means that information assets are protected from loss, damage, or system outages and are available when needed.
(a characteristic that is available for access and use when requested by an authorized entity)
3. Scope of application
This policy applies to all information assets under our control. The scope of information assets is not limited to electronic devices and electronic data, but includes all forms of information assets, including paper.
(1) Organization
TREASURY Corporation Great Sign Business Engagement Great eKYC Business Engagement
(2) Facilities
HEAD OFFICE (ADDRESS: 2F FRIEND BUILDING, 2-4-11 NAGATA-CHO, CHIYODA-KU, TOKYO)
(3) Business
Cloud Service Provider (CSP)
(4) Assets
Documents, data, information systems and networks (CSC: Cloud Service Customer) related to the above operations and various services
4. Implementation Matters
In accordance with this policy and our information security management system, we will implement the following
(1) Information Security Objectives
We will formulate information security objectives that are consistent with this policy and take into account applicable information security requirements and the results of risk assessments and risk responses, disseminate them to all employees, and review them from time to time in response to changes in our environment, and periodically even if there are no changes.
(2) Handling of information assets
a) Access privileges shall be granted only to those who need them for business purposes.
b) We manage our information security management system in accordance with legal and regulatory requirements, contractual requirements, and the provisions of our information security management system.
c) Appropriately classify and manage information assets according to their importance in terms of value, confidentiality, integrity, and availability.
d) Continuous monitoring to ensure that information assets are properly managed.
(3) Risk Assessment
a) Conduct risk assessments and implement appropriate risk responses and control measures for information assets deemed most important based on the characteristics of the business.
b) Analyze the causes of incidents related to information security and take measures to prevent recurrence.
(4) Business Continuity Management
Minimize business interruption due to disasters or breakdowns and ensure business continuity capabilities.
(5) Education
Information security education and training are provided to all employees.
(6) Compliance with regulations and procedures
We will comply with the regulations and procedures of the information security management system.
(7) Compliance with legal, regulatory and contractual requirements
We comply with legal, regulatory and contractual requirements regarding information security.
(8) Continuous improvement
We are committed to continuous improvement of our information security management system.
5. Responsibilities, Obligations and Penalties
The responsibility for the information security management system, including this policy, rests with the Representative Director, and employees within the scope of application are obligated to comply with the regulations and procedures established. Employees who fail to comply with their obligations and commit violations will be punished in accordance with the employment regulations. Employees of subcontractors will be dealt with in accordance with individually defined contracts.
6. Periodic review
The information security management system shall be reviewed, maintained and controlled on a regular and as-needed basis.
December 28, 2019 Established
Revised June 9, 2023
TREASURY Corporation
Representative Director Seiji Yamashita