Works Applications, Inc. and its group companies recognize that it is their social responsibility to protect their information assets from all threats, to ensure the necessary information security for this purpose, and to ensure the continuity and stability of their business activities. In order to realize this, we have established a basic policy for information security.
Employees within the scope of application shall understand the purpose of this policy, and shall familiarize themselves with and comply with the Information Security Basic Policy, rules, and procedures.

Information security means maintaining the confidentiality, integrity, and availability of information.

The information security objectives are to ensure the confidentiality, integrity, and availability of information assets, and in the event of an information security incident, to take appropriate measures to minimize the damage and prevent recurrence by promptly recovering from the incident.

The scope of application shall be Works Applications, Inc. and its group companies, and shall cover the information assets handled in the businesses within the scope of application. In addition, all persons who handle the information assets shall be subject to the information security objectives.
In addition, the contractor shall enter into a contract with the contents complying with this basic policy and apply it.

An Information Security Committee shall be established for the purpose of implementing information security, and an Information Security Manager shall be appointed to be responsible for maintaining information security.

Establishment and maintenance of the Information Security Management System (ISMS) shall be conducted in alignment with the organization's strategic risk management perspective.
Risk assessment is conducted based on the confidentiality, integrity, availability, threats, and vulnerabilities of information, and risk mitigation measures are taken to mitigate high risks.

All employees within the scope of this policy must comply with all laws and regulations related to information security.

The contents of this basic policy shall be made known to all applicable employees, and necessary training shall be provided on an ongoing basis to maintain information security.

Take measures to ensure business continuity in order to minimize business interruption due to disasters, breakdowns, etc.

Conduct internal audits periodically and as necessary to ensure that information security is being observed.
In addition to improvements through these audits, the company shall conduct reviews in response to changes in the environment, such as changes in information systems and new threats, and implement continuous improvements.

Employees who violate the regulations on information security shall be subject to disciplinary action based on employment regulations or the application of penalties based on contracts.