Information Security Policy

Date of enactment: 4 November 2025
Last revised: 4 November 2025

1. Fundamental Principles

We recognise that it is our corporate social responsibility to protect and appropriately manage the vital information assets of our customers, business partners and employees from various threats. Under this fundamental policy, we shall work organisation-wide to maintain and enhance information security, thereby fulfilling the trust placed in us by our customers.

2. Scope of Application

This policy applies to all individuals involved in our company's operations, including directors, employees, contract staff, temporary staff, part-time workers, and others. It also applies to all information assets held and managed by our company.

3. Action Guidelines

3.1 Establishment of Management Systems

We shall establish a management framework for information security and promote an organised approach with clearly defined responsibilities and authorities.

3.2 Development and Implementation of Internal Regulations

We shall establish regulations and procedures concerning information security and operate them appropriately. Furthermore, we shall conduct regular reviews and strive for continuous improvement.

3.3 Employee Education and Training

We shall conduct regular education and training on information security to enhance employee awareness and improve security literacy.

3.4 Compliance with Legal and Contractual Requirements

We shall comply with the Personal Information Protection Act and other relevant laws, regulations, and contractual obligations.

3.5 Implementation of Technical Security Measures

Appropriate technical security measures shall be implemented to prevent unauthorised access, loss, destruction, falsification, or leakage of information assets.

3.6 Implementation of Physical Security Measures

Physical measures shall be implemented to protect facilities and equipment housing critical information assets from unauthorised access, theft, destruction, and similar threats.

3.7 Response in the Event of an Accident

In the event of an incident concerning information security, we shall respond promptly and appropriately to minimise damage and strive to prevent recurrence.

3.8 Continuous Improvement

We shall periodically review the information security management system and strive for continuous improvement.

4. Response to Violations

Violation of this policy and related regulations may result in disciplinary action or other measures in accordance with the employment regulations.

Date of enactment: 4 November 2025

ConeX Ltd
CEO: Hikaru Watanabe

※This policy shall be made public both internally and externally, and thoroughly communicated to all employees.
※This policy will be reviewed as appropriate in response to amendments to laws and regulations, changes in the social environment, and other factors.