ALJ Co., Ltd. (hereinafter referred to as "the Company") handles customer information from corporations, organizations, local governments, etc., and provides information processing services such as system development, design, operation, maintenance, and management. We recognize that securing information security is a critical management issue to gain the trust of customers regarding these information assets. To continuously and securely provide services to our customers, we hereby establish the "Basic Information Security Policy" as a guideline for implementing appropriate safety measures for information assets.

[1] Scope of the Basic Information Security Policy

The "information assets" covered by this policy include all information obtained or known in the course of the Company's business activities, as well as all information the Company holds for business purposes. This policy applies to the Company's "officers, employees, temporary staff, etc." involved in handling and managing these information assets, as well as to "contractors and their employees" handling the Company’s information assets.

[3] Promotion of Information Security

The Company will appoint an "Information Security Manager" as the person responsible for information security and will promote information security activities.

[4] Compliance with Laws and Regulations

We will comply with laws and regulations related to information security, including copyright laws and personal information protection ordinances, as well as other relevant norms.

[5] Risk Assessment

The Company will establish criteria for evaluating risks and define a risk assessment structure. We will implement optimal human, physical, and technical information security measures to mitigate the risks identified through the risk assessment.

[6] Education

The Company will ensure that all officers and employees (including part-time staff) are thoroughly informed of the Basic Information Security Policy, and will regularly conduct awareness and educational activities to secure information security.

[7] Measures and Penalties for Violations

In cases where officers or employees (including part-time staff) fail to fulfill their obligation to comply with this Basic Information Security Policy, resulting in significant impacts on the Company’s information security, or in cases of malicious actions recognized as having the potential to cause such impacts, clear responsibilities and disciplinary actions will be sought in accordance with the Company’s employment regulations.

[8] Review and Evaluation

To ensure the effectiveness of information security, the Company will establish necessary measures to check compliance and address operational issues, conducting regular evaluations and reviews to adapt to changes in the environment.