INFORMATION SECURITY POLICY

Basic Principle

With the commitment of all employees in creating what they can proudly present to the world (namely our organization with its products, and services), oRo's goal is to continue to deliver more happiness and joy to more people (coworkers, families, business partners, shareholders and society), and lead all our employees to self-fulfillment through our efforts to achieve this goal.

We recognize that it is critical to ensure information security in order to offer products and services in today's highly advanced information society and that ensuring information security is one of our corporate responsibilities to our business partners, shareholders and society. We will make efforts to create and manage an information security management system so that we can earn the trust of our business partners, shareholders and society.

Basic Policy
  1. Information Security Objective
    We will formulate an Information Security Objective as a goal to raise awareness among our officers and employees about this policy and information security, while realizing the continuous improvement thereof.
  2. Identification of Information and Measures to be Taken
    We will identify important information relating to our business activities. The Security Management Committee and each chief administrator will implement the best available measures to make sure that such information will be protected.
  3. Obligations of Officers and Employees
    Our officers and employees will act in accordance with this policy.
  4. Compliance with Laws and Regulations
    In protecting the important information relating to our business activities, we will comply with legal and regulatory requirements and our contractual obligations.
  5. Continuous Improvements
    We will establish a management system in order to continously improve and enforce our information security as well as to respond to new threats.
  6. Definition of Information Security
    Information security is defined as maintaining the confidentiality, integrity and availability of information.
  7. Appointment and Duties of Administrators
    We will organize the Security Management Committee as a system to promote ISMS, whose core members are served by the ISMS Head and administrators.
  8. Audit
    We will periodically verify our adherence to our ISMS.
  9. Information Security Education
    We will promote education and training activities regarding information security.
  10. Review of Basic Policy
    We will review this policy as necessary if the management environment is affected by any change made to our business activities or legal or regulatory requirements.

October 10, 2018
Atsushi Kawata
CEO, oRo Co., Ltd.

In case of any inconsistency between the Japanese version and the English version in our website, the Japanese version prevails.