In accordance with the “Information Security Policy” of QUNIE Corporation（hereinafter referred to as “the Company”), in order to operate the Company’s information security appropriately and safely from the aspects of confidentiality, integrity and availability, We establish the ‘Principle Information Security Policy’.
Those who use our information assets must comply with the ‘Principle Information Security Policy’ and strive to maintain and improve it in accordance with an information security management system (hereinafter referred to as ‘ISMS’) complying to with JIS Q 27001 (ISO/IEC 27001).

（1）Applies to all information assets relating to the Company’s business activities.

（2）Information assets shall include not only but information (documents, data, etc.) as management resources, such as technology, know-how, information systems, and those facilities/equipments involved in protecting and using them.

（1）Comply with Copyright Act, Act on Prohibition of Unauthorized Computer Access, Data Privacy Act and ISMS-related regulations.

（2）Develop an understanding of the threats and vulnerabilities of information assets through appropriate risk assessments.

（3）Effectively operate the ISMS and reduce security risks to an acceptable level.

（4）Develop, maintain and evaluate business continuity plans.

（5）Education and training in information security is provided to all employees of the Company.

（6）Considering the speed of technological progress, always be proactive in introducing the latest technology.

（7）The purpose of information security is to prevent information security incidents such as ‘information leaks’, ‘falsification’ and ‘theft’ by properly operating the ISMS, and to build a reliable relationship with customers and society.

（1）“Information Security Committee” is established for deliberations on security standards and security requirements based on this Principle Information Security Policy, and to implement and evaluate the measures.

（2）Information Security Secretariat is formed for the smooth promotion of ISMS, based on the decisions of the Information Security Committee.

（3）Leaders of each Group shall have responsible for the information of their own department, risk assessment of assets, development of control measures, development and implementation of risk response plans and　also evaluate and strive for continuous improvement of the ISMS in accordance with the implementation policy of the Information Security Committee.

The status of compliance with this Principle Policy, Information Security Policy and various standards rules in the company, as well as the implementation of and compliance with the risk response plan, shall be verified through the regular security audits every year.

Any employee of the Company who commits the breach of the Information Security Policy, and related regulations shall be subject to disciplinary action under Employment Rules.