Basic Policy on Information SecurityBasic Policy on Information Security

1. Purpose

  The information collected, created and utilized in business activities of the Company is economically valuable and a precious asset to the Company. In order to utilize such information in a safe and efficient manner, the Company has to promote the appropriate management of information, and establish and maintain the infrastructure to proactively utilize information. The Company further has to ensure, as part of its corporate social responsibility, that any incident such as information leakage or unauthorized use that will result in loss of the Company’s social credibility will never occur. The Company focuses on appropriate risk management in information security as one of its most important information strategies, and will move forward with such risk management.

  This Basic Policy describes the guidelines that the Company's officers and employees and outside interested parties using the Company's information should observe to ensure information security.

2. Basic Policy on Information Security

(1) Implementation of appropriate management of user IDs and passwords
Each system will authenticate an information user by using his/her ID and password, and appropriately protect against leakage of passwords.
(2) Protection of Information Assets
Information assets of the Company will be appropriately handled to protect against threats such as information destruction, leakage, eavesdropping, falsification and viral infection.
(3) Implementation of Access Control
The right to access information assets of the Company, etc. which is granted to information users shall be restricted to the minimum extent necessary, and should be appropriately controlled to prevent unauthorized access.
(4) Implementation of Countermeasures against Computer Viruses
In handling information assets of the Company, countermeasures against viral infection will be taken, and appropriate precautionary measures will also be taken to prevent the transmission of viruses to third parties.
(5) Implementation of Log Management
Information systems and information assets, etc. will be monitored, and monitoring records will be appropriately stored and maintained so that the actual conditions will conform to the security measures based on this policy.
(6) Implementation of Physical Access Management
Information systems handling important information and information assets, etc. supporting important business activities will be appropriately protected against physical damage such as fire, etc. as well as threats such as theft and destruction due to unauthorized access.
(7) Establishment of Security Control System
Security measures will be implemented and controlled, and the management framework should be clarified to establish the security measures to be implemented as part of the Company’s corporate culture.
(8) Implementation of Measures for Information Ethics
Information assets of the Company will be efficiently used for authorized business purposes only. In addition, information ethics measures will be taken to the minimum extent necessary therefor.
April 1, 2013
Mosnic Corporation
President and CEO Yasumasa Suzuki