Basic Information Security Policy

1. Purpose of information security
   
   In order to protect its information assets from all threats, WHI takes steps to ensure necessary information security, since it recognizes that it is its social responsibility to continuously and stably secure its business activities, and defines the Basic Information Security Policy in order to realize this.
   Employees within the scope, must understand this spirit, be familiar with the Basic Information Security Policy, regulations, and procedure documents, and comply with them.
    
2. Information security definitions
   
   Information security refers to maintaining the Confidentiality, Integrity and Availability of information.
    
3. Information security objectives
   
   WHI set the objectives of information security as ensuring the Confidentiality, Integrity and Availability of information assets; aiming to rapidly recover in order to minimize damage even if an information security accident occurs; and taking appropriate measures to prevent recurrence.
4. Scope
   
   The scope shall be set as the business related to introducing of WHI’s the implementation, operation and maintenance service of our products and services, and shall include the information assets handled by this business.
   In addition, the subject shall be all those who handle the information assets.
   It is to be noted that the subcontractors shall enter into an agreement with contents that conform to this basic policy.
    
5. Information security organizational structure
   
   In addition to establishing the "Information Security Committee" for the purpose of implementation of information security, WHI shall appoint an information security manager as person with information security maintenance responsibilities.
    
6. Risk assessment implementation
   
   Establishment and maintenance of WHI’s Information Security Management System (ISMS) shall be carried out while achieving consistency with the organization’s strategic risk management viewpoint.
   In addition, risk assessments shall be performed for Confidentiality, Integrity and Availability of information and threats and vulnerabilities, to reduce risks for example by treating high risks.
    
7. Compliance with laws, ordinances and regulations
   
   Employees within the scope must comply with laws, ordinances and regulations related to information security.
    
8. Education
   
   WHI shall thoroughly make the contents of this basic policy known to employees within the scope, and continuously implement education required for maintaining information security.
    
9. Business continuity management
   
   WHI shall take measures to ensure the continuity of the business in order to minimize the interruption of business due to disasters or failures.
    
10. Audits and continual improvement
    
    In order to check that information security has been complied with, WHI shall conduct internal audits on a regular basis and as necessary.
    In addition to improvements through these audits, WHI shall conduct reviews in response to environmental changes such as changes and new threats to the information system, and implement continuous improvement.
     
11. Punishment
    
    At WHI employees who have committed an act in violation of the regulations related to information security, shall be subject to disciplinary action on the basis of working rules or punishment on the basis of contract.

1 August, 2019
Works Human Intelligence Co., Ltd
Manabu Tsukamoto
Chief Information Security Officer