Basic Information Security Policy

In order to maintain our customer's trust and provide better services, we have security measures in place to protect our users personal information from loss , theft, or unauthorized use. To this end, our employees are trained to have a high regard for security, conscientious of how actions can affect security, to ensure the security of both physical and technological assets. Information as to how our company protects information assets is outlined in our "Basic Information Security Policy".

All employees, including management, understand and comply with the contents of our information security procedures.

1.Definition of information security

Information security is defined as maintaining the confidentiality, completeness, and availability of information.

2.Scope of application

This information covers all business activities under our control.

3.Designation and Obligation of the Administrator

The company shall appoint a committee within the company (hereinafter referred to as the ISMS committee). The ISMS Committee appoints task organizations from each department (hereinafter referred to as Task Force). The appointed task force protects information from unauthorized use, tampering, and service interruption.

4.Security measures

The company shall take appropriate information security measures for all acquired information.

5.Employee Obligation

All employees, including part time employees, are subject to the "Basic Information Security Policy", and "Information Security Procedures (ISO 27001: Procedure Created by our Company in accordance with 2006 Regulations)". Violators will be penalized.

6. Information Identification and Countermeasures

The ISMS Committee identifies trade secret information and privacy related to such information. Appropriate security measures will be applied to all identified information to protect it.

7.Personal Information Protection

The company shall protect personal information in accordance with the laws, regulations, and guidelines concerning personal information protection.

8.Confidential Information Management

The company shall protect confidential information of clients and our company according to the Unfair Competition Prevention Act.

9.Copyright protection

The company shall protect copyrighted work in accordance with the copyright law.

10.Implementing Information Security

The protection of company information shall be enforced by the ISMS Committee.

11.Education

Information security awareness and educational activities shall be promoted by the ISMS Committee under the support of the management layer.

12.The Cornerstone of Risk Assessment

As a sales and marketing outsourcing business, we recognize the importance of sharing information with the food and beverage industry, human resource education, and consulting industry, the risk magnitude and responsibility as this kind of company, and have established a process (hereinafter referred to as risk assessment) to determine whether or not a risk is worth it. Moreover, identifying and protecting information assets. It also defines information assets and identifies information assets to be protected. The asset value of the identified information and the degree of influence at the time of loss is determined to evaluate the vulnerabilities of said assets based on the risk assessment procedure.