Basic Policy on
Information Security

（1）Scope
The Policy shall apply to all electronic data recorded in the Company’s information systems and all of those who handle such information.

（2）Organization and Structure
The Company shall establish an information security management system and clarify the responsibilities and authority of organizations and persons in charge.

（3）Information Security Measures
The Company shall set forth the following measures in its “Information Security Rules” (hereinafter referred to as the “Rules”), thereby classifying and managing information handled by its information systems so that falsification, loss, leakage, unauthorized access and other disruptions concerning the information assets will not occur.

• Physical measures against information systems
• Technical measures concerning information assets
• Measures necessary for education and enlightenment concerning information security

（4）Ongoing Operations
To ensure the effectiveness of the measures described above, the Company shall periodically check the status of compliance, both internally and externally. In addition, it shall establish an emergency response plan to enable prompt response in the event of an emergency and continuously implement it.

（5）Compliance with Laws and Regulations
The Company shall comply with laws and regulations concerning information security as well as internal rules.

（6）Evaluation and Review
The Company shall periodically evaluate its information security measures and review them as necessary in light of any new threats that may arise.

April 2021
Yoshinori Matsuzaki
Representative Director, President and CEO
UNITED ARROWS LTD.