ALBACONNECT

Information Security Policy

ALBACONNECT Inc. (hereinafter referred to as "the Company") strives to earn the trust of customers and society by properly handling information assets held or managed by the Company and protecting them from risks such as leakage, tampering, and unauthorized access.

The Company is committed to ensuring, maintaining, and improving information security based on the following policies to achieve appropriate protection and safe management of information assets.

1. Purpose

This policy aims to ensure and maintain the Company's information security by establishing basic policies for appropriately protecting and safely managing information assets held or managed by the Company.

2. Scope of Application

This policy applies to information assets handled by all parties involved in the Company's business activities, including officers, employees, contract workers, temporary staff, and outsourced contractors.

It also covers services, systems, networks, cloud environments, and related facilities provided by the Company.

3. Information Security Management Structure

The Company establishes an organizational structure for appropriately managing information security, centered on management, and defines regulations, procedures, and management standards for information security, operating them appropriately.

Furthermore, the Company clarifies responsibilities and authorities related to information security and implements organizational management.

4. Management of Information Assets

The Company recognizes the importance of information assets it holds or manages from the perspectives of confidentiality, integrity, and availability, conducts risk assessments, and implements appropriate protective measures.

The Company also establishes and appropriately operates management procedures for the acquisition, use, storage, transfer, and disposal of information assets.

5. Improving Information Security Literacy

The Company continuously provides education and training on information security to all employees to improve information security awareness and literacy.

6. Incident Response

In the event of an information security incident, violation, or suspected violation, the Company will respond promptly and appropriately to minimize damage, investigate the cause, and prevent recurrence.

7. Compliance with Laws and Contracts

The Company complies with applicable laws, regulations, and contractual obligations in its business activities.

8. Business Continuity Management

The Company strives to establish a management system to minimize the risk of business interruption due to disasters, system failures, human errors, fraud, etc., and to ensure business continuity.

9. Measures for Policy Violations

Employees of the Company shall act in accordance with this basic policy, and violations may be subject to disciplinary action based on employment regulations.

10. Continuous Improvement

The Company continuously reviews and improves its information security management structure and measures based on audit results, risk assessments, incident response results, and changes in the business environment.

ALBACONNECT Inc.

Established: March 17, 2026