Purpose

We at KANAMEL Group will handle information belonging to customers and suppliers of us, obtained during the course of our business activities, and all other information in the group's possession, in an appropriate manner. We recognize that we have a public duty to adequately protect the aforementioned information assets and will make every effort to do so as a top management priority on an ongoing basis.

To enable us to achieve this, we hereby set out the following Basic Policy on Information Security, as a guideline for information security measures. The purpose of putting this policy into practice is to create an organization that can be trusted by its customers, and all of its other stakeholders, at all times.

Scope of Application

This policy is applicable to all information assets in our possession for our business purposes, as well as our officers, all employees (including regular employees/contract employees/part-time employees/ part-time staff/resident outside service providers; the same applies hereinafter), subcontractors and outside service providers hired by contract with the Company.

Measures

We will establish an information security management system (ISMS) and implement the following measures.

1. Ensure and maintain the confidentiality, integrity and availability of all information assets, as a basic requirement for information security
2. Establish standards to evaluate risks and put in place a risk assessment framework
3. Implement optimum information security measures to minimize risks highlighted by risk assessments
4. Place top priority on information management, to ensure that information belonging to customers and suppliers is handled in an appropriate manner and implement security management measures that take into account similarities between industries, products and services (clearly demarcating information according to department, staff, workplace, etc.)
5. Ensure mutual confidentiality between business divisions within the company and subsidiaries, with regard to information belonging to customers and suppliers
6. Ensure that all applicable employees, commissioned partners and outside contractors comply with legislation pertaining to information security, as well as requirements set out in related rules and contracts, and look after the needs of all concerned parties
7. Organize education and training on information security for all employees on a regular basis
8. Ensure that any violations of information security or suspected incidents and its cause of vulnerabilities are reported and investigated
9. Take the following actions in order to ensure information security and put this Basic Policy on Information Security into practice
   • Prevent information assets entrusted by customers and suppliers from being lost, stolen, accessed without authorization, or leaked
   • The Chief Information Security Officer (CISO) shall take steps to raise awareness of the importance of information management and information security across all employees
   • Reduce information security incidents across all operations.
10. Review risk assessments, conduct internal audits, and carry out activities such as management reviews and remedial measures, in order to make improvements and ensure that the company's ISMS is always operating to the highest possible standard.

Requirements and penalties

1. All applicable employees, commissioned partners and outside contractors are required to ensure the security of information assets belonging to customers.
2. All applicable employees, commissioned partners and outside contractors shall follow specified procedures in order to uphold this basic policy.
3. All applicable employees, commissioned partners and outside contractors shall take responsibility for reporting violation of information security, or suspected incidents and its identified cause of vulnerabilities.
4. All applicable employees, commissioned partners and outside contractors shall be subject to disciplinary and legal action if they engage in any form of conduct that threatens the security of information assets belonging to customers, or any other information that has come into the group's possession during the course of its business activities.