Information Security Policy

Foster Electric Company Limited and related companies (below, The Company Group), based on a company policy of “Sincerity”, consider ensuring the confidence of clients, stockholders, employees, and other stakeholders a critical element of their business, and have determined that proper handling of information assets is an important task for management.

The information security policy (below, The Policy) defined below has been enacted to ensure proper storage of information assets possessed by The Company Group.

Information Security Management Structure

The Company Group, in order to appropriately store and manage all information assets in its possession, will create an Information Security Committee with membership up to the executive management ranks which maintains the necessary structure for grasping the current conditions of information security management and promptly implementing security policy as necessary based on risk analysis.

An emergency handling plan is also in place to ensure rapid and appropriate action can be taken in the event of an information security incident or other emergency situation.

Preparation of Internal Regulations Related to Information Security

The Company Group will draft internal regulations based on This Policy and the personal information protection policy, and clear objectives and rules for the storage and management of information assets will be made common knowledge for all employees.

Implementation of Information Security Countermeasures

The Company Group will implement security countermeasures from systematic, personal, physical, and technical safety management perspectives in order to prevent incidents such as improper access, destruction, leakage, and falsification related to information assets before they occur.

Also, if The Company Group outsources either all or a portion of its business operations, an inspection will be implemented for the outsourcing site to ensure sufficient competence, and in addition to requiring the site to maintain a security level at or above that of The Company Group, the conditions at contracted operator sites will be reviewed regularly and The Company Group will make efforts to strengthen these contracts.

Implementation of Information Security Education Programs

For all employees and related personnel, The Company Group will implement continuous information security education and training programs in order to both improve information security literacy and ensure appropriate management operations are carried out for the information assets of The Company Group.

Implementation of Continuing Improvements

By carrying out regular internal audit evaluations of compliance for This Policy, as well as internal regulations and rules, and implementing revisions and improvements based on the results of these evaluations, The Company Group will continually improve its system for information security management.