Security policy

1.Purpose
Security policy (hereinafter referred to as “this policy”) is for Insight Edge, Inc. (hereinafter referred to as “our company”) to recognize that the appropriate handling of information is an important management challenge, and to define the basic policy regarding information security in order to ensure information security.

2.Disclosure of security policy
As a company that provides information services safely and stably, we strive to handle customer information and confidential company information strictly, and always take the appropriate protective measures against the risk of information leakage. We endeavor to earn the trust of our customers and related parties by taking the above measures. For this reason, we publish this policy internally and externally and declare that we comply with it.

3.Scope
All of our officers, employees, and temporary workers comply with this policy.

4.Information security management system
In order to protect and properly manage all the information assets we hold, we maintain a system that enables us to monitor the status of information security management and promptly implement necessary security measures by risk analysis.

5.Implementation of information security measures
In order to prevent incidents such as unauthorized access, destruction, information leakage, and information assets falsification, we have established the appropriate information security organizational system, physical measures, technical measures, and operational measures, administrative and human measures, and incident response measure. In particular, in the event of an information security breach, we strive to promptly recover and resolve it, and provide our information service business with high reliability and continuity.

6.Establishment of internal rules regarding information security
We will maintain internal rules based on this policy and thoroughly disseminate, within the company, clear policies and rules for proper management of information assets.

7.Implementation of information security education
We provide information security education and training to officers, employees, temporary staff, and related parties to improve information security literacy and to continuously carry out the appropriate management of our information assets.

8.Implementation of appropriate outsourcing management
When outsourcing all or a part of our business, we strive to thoroughly examine the reliability of the outsourcing destinations and maintain the same level of security as our company via contract. In addition, in order to continuously confirm that these security levels are properly maintained, we strive to carry out regular audits of the outsourcing destinations and review their management system.

9.Compliance
In addition to complying with the related laws and regulations, we endeavor to thoroughly comply with the rules and regulations established by our company, and if there are any violations, we will take strict measures to ensure the appropriate information management.

10.Implementation of internal information security audits
Our company regularly, or irregularly,conducts internal information security audits in order to verify that the laws and regulations related to information security and the rules and regulations set by the company are observed and functioning effectively in the execution of business.

11.Implementation of continuous improvement
We strive to implement continuous improvement of information security measures by regularly evaluating and reviewing 2 to 10 initiatives at the Information Security Committee.