• 1.This policy shall be applied to the information assets related to the business activities of QUNIE.
• 2.Information assets include information as a business resource, for example, technology or know-how (documents, data, etc.), information systems and the facilities/equipment involved in the protection and use thereof.

• 1.Comply with the copyright law, the illegal access prohibition law, the personal information protection law and ISMS-related rules and regulations.
• 2.Deepen the understanding on threats and weaknesses of the information assets through appropriate risk assessment.
• 3.Effectively operate the ISMS to reduce security risks to an acceptable level.
• 4.Establish, maintain and assess a business continuity plan.
• 5.Conduct education and training on information security for all employees of QUNIE.
• 6.Consider the speed of technical innovation and make efforts to proactively introduce always the latest technology.

Establish an Information Security Committee to deliberate, implement measures and perform assessments on security standards and security requirements, on the basis of the ISMS Basic Policy. Assign an Information Security Supervising Manager to aim for a smooth promotion of the ISMS upon decision of the Information Security Committee. On the basis of the implementation policy of the Information Security Committee, the managers of each division shall, for the information assets in their own division, perform risk assessment, establish management measures, create a risk response plan, and perform implementation and evaluation in order to continually improve the ISMS.

The ISMS Internal Audit Manager shall audit the compliance status with the ISMS Basic Policy, the Information Security Basic Rules and various other standards at QUNIE, as well as the implementation status and compliance status of the risk response plan regularly every year.

QUNIE employees who committed acts violating the ISMS Basic Policy, Information Security Basic Rules and related standards and regulations shall be applicable for proceedings according to the disciplinary punishment in the Rules of Work.