Electronic Information Security Policy

1. Establish the Information Security Management Structure

A secure* information security management structure shall be established to protect all Information Assets owned by the Tsubaki Group. By complying with the laws, regulations and other rules pertaining to information security, the Tsubaki Group aims to gain trust from society.

* “Secure” means a situation where appropriate measures are taken to prevent illegal access, etc. by using technologies such as encryption, authentication and vulnerability detection, and by building firewalls, etc.

2. Assign an Information Security Officer

An Information Security Officer shall be assigned, and the Computerization Committee and Global IT Summit shall be organized. This measure will allow the Tsubaki Group to accurately grasp the information security situation across the Tsubaki Group, as well as take aggressive action to quickly implement required measures.

3. Establish Information Security Rules

Internal regulations based on the Information Security Policy shall be organized to set forth the policies for the overall handling of personal information and Information Assets as well as to widely publicize to both inside and outside the Tsubaki Group that we will stand firm against information leaks.

4. Establish Auditing Structure

Planned audits shall be conducted to review the Information Security Policy and compliance with regulations to confirm that our employees are complying with the Information Security Policy.

5. Implement Systems with Thorough Information Security Measures

Systems with built-in security measures shall be implemented to prevent illegal access, leaks, illegal modifications, loss, damage, prevention of use, etc. to Information Assets. In particular, systems shall be developed and run that strictly implement access rights management for data and systems.

6. Improve Information Security Literacy

Employees, etc. shall receive security training so that all persons accessing Tsubaki Group Information Assets can perform their tasks with information security literacy. Continued training will be performed to support the ever-changing environment.

7. Strengthen Management of Subcontractors

When entering into subcontracting agreements, the Tsubaki Group shall thoroughly review the appropriateness of the subcontractor, and request the subcontractor to maintain appropriate security levels. The Tsubaki Group shall also review the subcontractor and make efforts to strengthen the terms and conditions on a continued basis to conform that the aforementioned security levels are being maintained in an appropriate manner.

8. Scope of Information Security Policy

“Information Assets” in this policy refers to information that the Tsubaki Group has received and becomes known to the Tsubaki Group* and all information that the Tsubaki Group owns for business use. The officers, employees and other directly employed persons of the Tsubaki Group who handle or manage these Information Assets shall comply with the Information Security Policy. The Tsubaki Group shall also legally enforce compliance with the Information Security Policy upon contract staff and subcontractors under the respective agreements.

Established: April 1, 2020

Toward a Sustainable Society

The Tsubaki Group is engaged in the “art of moving” and aims to provide value that exceeds expectations
to become a company that continues to be needed by society.