1. Definition
Ginco Inc. (the “Company”) believes that its mission is to contribute to the society through solutions for data management and utilization using new technologies. In line with this, the Company recognizes that one of the most important management issues is to implement appropriate management and security measures for all Information Assets handled in its business activities in order to meet the responsibility of ensuring trust from customers and the society as a whole. To fulfill this responsibility, the Company has established this Information Security Policy (this “Policy”), and all its workers, including its directors and officers, will fully understand this Policy and strive to enhance and strengthen the information security management system.
 
2. Scope and Application of this Policy
This Policy applies to all Information Assets managed by the Company and to all business activities related to Information Assets, and it is applicable to all workers of the Company, including its directors and officers, full-time employees, dispatched workers, temporary staff, part-time workers, part-time job and personnel from external contractors.
 
3. Protection of Information Assets
From the perspectives of confidentiality, integrity, and availability, the Company will conduct risk assessments as well as recognize the importance of all Information Assets it handles, and strive for the appropriate protection of Information Assets under the information security management system. “Information Assets” herein refer to information and data that the Company holds or manages in the course of conducting its business, whether tangible or intangible, including the information systems, networks, and facilities necessary for handling such information and data.

4. Information Security Management System
To ensure active involvement by the management, a “Chief Information Security Officer (CISO)” is appointed from among the directors and a cross-departmental “Information Security Committee” chaired by the CISO is organized to consider, deliberate, and report on matters related to information security. The Company obtained ISMS certification in April 2022, and will continue to improve information security maintenance and enhancement by ensuring effective security measures through regular risk assessments, audits and other relevant measures.

5. Establishment of Internal Regulations and Rules
The Company will establish regulations and rules in accordance with this Policy for the appropriate management and protection of Information Assets and ensure that such regulations and rules are thoroughly disseminated and known to all related parties.

6. Compliance with Laws, Norms, and Contractual Matters
All workers of the Company, including its directors and officers, will comply with various laws, guidelines established by the government, and other norms related to information security, as well as this Policy, and any violator of the foregoing will be subject to disciplinary action based on the rules of employment.

7. Improvement of Information Security Literacy (Education and Training)
For all workers of the Company including its directors and officers, the Company will strive to improve information security literacy, regularly conduct education and training to implement appropriate management of the Company’s Information Assets and carry out continuous improvement of information security management.

Revised on February 1, 2023
Ginco Inc.
Muuto Morikawa, Representative Director