SECURITY POLICY

Levias Inc. (hereinafter referred to as "Company") conducts businesses including entrusted software development, system construction, consulting and advertisement sales.

The importance of maintaining credibility in the businesses is extremely important not only to customers but also to the society. The Company`s responsibility is to maintain a high level of confidentiality of customer information and to maintain an extremely stable information system environment used by customers. In addition, all employees of the Company must be aware that the Company`s information processing is built on the trust of our customers and the society.

In order to fulfill these responsibilities imposed on the Company, the Company has established a basic information security policy. All persons related in any way to the Company`s businesses shall act based on the established policy below.

• Establish an internal organization in which management participates to promote and improve information security activities. In addition, the Company establishes roles and responsibilities for information management and make every possible effort to operate the information security management system properly.
• The employees of the Company shall comply with information security policies, related laws, regulations, contractual obligations, and act responsibly.
• Establish criteria for assessing risks, clarify the risks of information assets, and implement a risk response plan.
• In order to protect the information entrusted to the Company by the customers and continue the Company`s business, the Company shall strictly protect information processing facilities and related equipment from accidents, disasters and external interference.
• The information security management system shall conduct regular reviews, evaluate its effectiveness, and make improvements continuously. In addition, internal audits shall be conducted on a regular basis to clarify compliance with the established rules.
• The Company shall establish emergency measures in the event of an accident or disaster in the services the Company provides and take measures to continue the businesses without delay.
• Education and training shall be provided to all employees, etc. related to information assets within the scope of application, regarding basic policies, related standards, and procedures regarding education and information security to have the competences necessary for work.