BASIC POLICY FOR INFORMATION SECURITY

Basic Policy for Information Security

1. Purpose

It is the purpose of this policy to minimize loss of business and ensure the trust of our clients by preventing incidents related to the security of client information as an asset management company receiving the trust of our clients.

2. Definition of Information Security

Information security means the maintenance and protection of applicability, integrity and confidentiality.

(1)
Confidentiality : access to client information by only those persons having authorized access.
(2)
Integrity : accuracy of client information and accuracy and completeness of processing methods for client information.
(3)
Applicability : access to required client information only as necessary by persons with access authority.

3. Scope of Application

The scope of application of information security management shall be the following organizations, sites, businesses and networks.

(1)
Organization : whole organization
(2)
Site : The head office and the Tokyo branch.
(3)
Businesses : All businesses.
(4)
Network : All floors in the head office, and the Tokyo branch.

4. Enforcement Provisions

(1)
The maintenance and protection of "applicability", "integrity" and "confidentiality" which are the basic maintenance principles of information security.
(2)
No use shall be made of client information in contravention of law and regulation or social norms.
(3)
The formulation and execution of information security shall clarify the role and the responsibility of the implementation system and shall carry out effective and efficient procedures in a prompt manner when required.
(4)
Prevention and restoration measures shall be instituted to avoid interruption to business as a result of serious damage or disaster and such procedures shall be periodically reviewed.
(5)
All employees shall undergo periodic training and education within a reasonable scope with respect information security.
(6)
All infringements of information security and uncertainties and weaknesses shall be investigated and reports shall be prepared.

5. Responsibilities, Duties and Penalties

(1)
The responsibility for information security shall be borne by the Chief Executive Officer. As a result, the Chief Executive Officer shall provide a reasonable scope of staff with required information.
(2)
The reasonable scope of staff shall bear responsibility for maintaining client information.
(3)
The reasonable scope of staff shall abide by the procedures prescribed for the maintenance of the basic policy.
(4)
The reasonable scope of staff has the responsibility to report weaknesses and incidents related to information security.
(5)
The reasonable scope of staff shall be subject to penalty pursuant to employee regulation when committing acts endangering the protection of information assets handled by the company not limited to client information.

6. Periodic Review

The review of information security management systems shall be performed periodically in accordance with changes to circumstances.

REGALO CAPITAL Co., Ltd.
Chief Executive Officer Takashi Ito

Page Top