1. Purpose

Digirise Inc. (hereinafter referred to as "our company") uses many information assets in carrying out our business and managing our employees (hereinafter referred to as "our business"), and therefore we recognize that implementing appropriate information security and working to protect information assets is an essential requirement for promoting corporate activities with the trust of society, as well as an important social responsibility. Therefore, in light of the importance of information security, we have established this information security policy (hereinafter referred to as "this policy") and will establish, implement, maintain, and improve an information security management system to specifically implement it.

2. Implementation Items

In accordance with this policy and our information security management system, we will implement the following items.

Information Security Purposes

We will formulate information security objectives that are consistent with this policy and take into account applicable information security requirements as well as the results of risk assessments and risk responses, and will notify all employees of these objectives. We will also review these objectives periodically, even if there are no changes, and will update them as necessary in response to changes in our environment.

Handling of information assets

• Access will be granted only to those who need it for business purposes.
• We manage information security in accordance with legal and regulatory requirements, contractual requirements, and the provisions of our information security management system.
• We will appropriately classify and manage information assets according to their importance in terms of their value, confidentiality, integrity, and availability.
• We will conduct ongoing monitoring to ensure that information assets are being managed appropriately.

risk assessment

• We will conduct risk assessments, implement appropriate risk responses and introduce management measures for the information assets that we determine to be the most important based on the characteristics of our business.
• We will analyze the causes of information security-related accidents and implement measures to prevent recurrence.

Business Continuity Management

• We will minimize business interruptions caused by disasters and breakdowns, and ensure business continuity.

education

We provide information security education and training to all employees.

Compliance with regulations and procedures

We will comply with the regulations and procedures of the information security management system.

Compliance with legal, regulatory and contractual requirements

We will comply with legal, regulatory and contractual requirements regarding information security.

Continuous Improvement

We will strive to continually improve our information security management system.

3. Responsibilities, Obligations and Penalties

The CEO is responsible for the information security management system, including this policy, and employees within the scope of application are obligated to comply with the established rules and procedures. Employees of partner companies will be dealt with in accordance with individually established contracts, etc.

4. Periodic review

The information security management system will be reviewed periodically and as necessary, and maintained and managed.

Established: May 7, 2025
Last revised on May 7, 2025
Representative Director: Masahiro Chaen