EJEC believes that fundamental and high level information security measures are essential to protect the precious information assets of clients and to fulfil the company’s social responsibility based on the corporate philosophy of contributing to the creation of a genuinely affluent society with excellent technologies which are friendly to the global environment and ability for precise judgement. Based on this belief, EJEC has formulated and will abide by the “Information Security Policy” which explicitly states the basic principles for information security.

1. Status of the Information Security Policy

This Information Security Policy is to set forth the basic principles for information security in accordance with a “socially accountable company with a high level of professional ethics and compliance awareness” as defined under the “Objectives and Corporate Responsibilities” of the Basic Business Management Policies of the E-J Group.
EJEC operates this Information Security Policy as the highest level policy of its information security measures.

2. Establishment of an Information Security Management System

EJEC sets up a section responsible for information security as part of its Headquarters organization and appoints an information security manager.
With such arrangements, EJEC develops a system which is capable of constantly understanding the company-wide security situation so that any necessary measures can be swiftly implemented.

3. Development of Internal Rules for Information Security

EJEC develops internal rules based on the Information Security Policy explained here, setting out concrete procedures for the implementation of information security measures concerning confidential information control, important information control, personal information control, etc. and makes every staff member fully aware of these procedures.

4. Realization of a System Corresponding to Information Security

Every effort is made to ensure and confirm the proper functioning of the information system in terms of both hardware and software and the appropriateness of data. In addition, necessary measures are employed for the in-house information system so that no leaking, falsification, loss or destruction, etc. of the information assets takes place.

5. Responsibilities and Education of Staff Members

Every staff member using information assets of EJEC conducts the work with full awareness of the importance of information security and the legal and social responsibility involved in the handling of information assets.
For this reason, education on security is conducted for all officers and staff members as well as loaned staff and temporary staff.

6. Strengthening of the Control System at Outsourced Contractors

When EJEC outsources any work, it thoroughly checks the suitability of the contractor in terms of information security. EJEC also checks the maintenance of an appropriate security level at outsourced contractors from time to time.

June 1, 2009