OPMAC Corporation (hereinafter referred to as “the Company”) has developed “Information Security Policy” applicable to all personnel who handle the Company’s information assets. This Policy is intended to protect those assets from threats such as incidents, disasters and crimes, and to continuously earn the trust of our clients and society. By complying with the basic policy outlined below and properly managing and operating our information assets, we are committed to maintaining information security.

1. Responsibility of Management

The Company is committed to the organizational and continuous improvement and enhancement of information security under the leadership of its management.

2. Employee Efforts

All employees of the Company shall acquire the necessary knowledge and skills required for information security and ensure our commitment to information security.

3. Compliance with Legal and Contractual Requirements

The Company shall comply with all applicable laws, regulations, standards and contractual obligations relating to information security, while also meeting the expectations of our clients.

4. Response to Violations and Incidents

In the event of any legal or contractual violation or security incident relating to information security, the Company shall promptly investigate the cause and take corrective actions to minimize the impact, while striving to prevent recurrence.

5. Development of Internal Systems

The Company shall clarify its responsibility framework for maintaining and improving information security and has established formal internal guidelines for information security measures. These guidelines apply to all personnel who may handle the Company’s information assets. The main compliance requirements are as follows:

     ( a ) Information security in the workplace

     ( b ) Information security in remote work

     ( c ) Information security training

     ( d ) Management of confidential information

     ( e ) Use of personal computers (PCs)

     ( f ) Use of networks

     ( g ) Use of email

     ( h ) Anti-virus measures

     ( i ) Monitoring standards

     ( j ) Response to security incidents

     ( k ) Response to non-compliance