Basic Philosophy

TechnoStar Co., Ltd. (hereinafter referred to as “the Company”) conducts its business based on the corporate philosophy:

“We contribute to society through CAE and co-create the future.”

Information assets handled in the course of our business, including customer information, are extremely important as the foundation of the Company’s management.

Recognizing the importance of protecting information assets from risks such as leakage, damage, and loss, all persons who handle information assets, including officers and employees, shall comply with this Policy and actively engage in initiatives to maintain information security, including confidentiality, integrity, and availability of information assets.

Basic Policy

1. In order to protect information assets, the Company establishes an Information Security Policy and related rules and regulations, conducts business in accordance with them, and complies with laws, regulations, other relevant standards related to information security, as well as contractual obligations with customers.
   
   
2. The Company clarifies criteria for analyzing and evaluating risks such as leakage, damage, and loss that exist for information assets, establishes a systematic risk assessment methodology, and conducts risk assessments on a regular basis. Based on the results, necessary and appropriate security measures shall be implemented.
   
   
3. The Company establishes an information security management structure led by the executive in charge, and clearly defines authorities and responsibilities related to information security. In addition, in order to ensure that all employees recognize the importance of information security and properly handle information assets, the Company conducts regular education, training, and awareness activities.
   
   
4. The Company periodically inspects and audits compliance with the information security policy and the handling of information assets. Any deficiencies or areas for improvement identified shall be promptly corrected through appropriate corrective actions.
   
   
5. The Company takes appropriate measures in response to the occurrence of information security events and incidents. In preparation for such occurrences, response procedures to minimize damage are established in advance, and in the event of an incident, the Company responds promptly and implements appropriate corrective actions. In particular, for incidents that may lead to business interruption, a management framework is established and regularly reviewed to ensure business continuity.
   
   
6. The Company establishes an Information Security Management System (ISMS) with objectives set to realize the basic philosophy, implements and operates it, and continuously reviews and improves it.

   ---