Information Security Policy

Article 1 (Purpose)

XICA Corporation (hereinafter referred to as "our company") is a company that is trusted by its business partners, including customers, and has established this information security policy (hereinafter referred to as "this policy") with the aim of preventing incidents related to the security of data of our business partners, employees, etc., thereby ensuring social trust and minimizing business losses.

Article 2 (Scope of Application)

This policy applies to all of our facilities and information assets.

Article 3 (Definition of Terms)

Information security means ensuring and maintaining confidentiality, integrity, and availability.

  1. Confidentiality refers to the property of making information assets unavailable or private to unauthorized individuals, entities (organizations, etc.) or processes (protecting information assets from disclosure or unauthorized access).
  2. Integrity refers to the property of protecting the accuracy and completeness of information assets (protecting information assets from tampering or errors).
  3. Availability refers to the characteristic of being able to access and use information assets when requested by an authorized entity (organization, etc.) (protecting information assets from loss or damage, system downtime, etc.).

Article 4 (Implementation Items)

  1. We will establish, implement, operate, monitor, review, maintain and improve an information security management system to protect all applicable information assets from threats (leakage, unauthorized access, tampering, loss or damage).
  2. Information assets will be handled in compliance with applicable laws, regulations and contractual requirements.
  3. To prevent business operations from being interrupted in the event of a major failure or disaster, we will develop and regularly review prevention and recovery procedures.
  4. We will provide regular education and training on information security to our directors and employees.

Article 5 (Responsibilities, Obligations and Penalties)

  1. The CEO is responsible for information security. To this end, the CEO will provide the directors and employees with the resources they require.
  2. All officers and employees are obligated to protect all of the Company's information assets, including information about business partners.
  3. All officers and employees must follow the procedures established to maintain this policy.
  4. All officers and employees are responsible for reporting any incidents or weaknesses in information security.
  5. If an employee engages in any conduct that endangers the protection of information assets that are handled, including but not limited to information of business partners, the employee will be disciplined in accordance with the "Work Regulations" and "Reward and Punishment Regulations."

Article 6 (Periodic Review)

The information security management system will be reviewed once a year to keep up with changes in the environment.

Article 7 (Supervising Department)

This policy is managed by the Software Engineering Department of the Development Headquarters.

Article 8 (Amendment and Repeal)

Any revisions or abolitions to this policy shall be in accordance with the "Regulations Management Regulations."

Supplementary provisions
Enacted and enforced on April 2023, 4