Information Security Policy

TOLOT Co., Ltd. and group companies (“the Company”) appropriately manages information received from customers and other companies during the course of its business operations, and ensures that the information is protected with a sufficient level of security.
ISO/IEC 27001:2022 and JIS Q 27001:2023 standards are applied, and an Information Security Management System (ISMS) which meets the requirements of these standards has been created and the Company uses, reviews and revises, maintains, and improves this ISMS.
The frameworks for determining information usage objectives, overall information security activity approach, and principles of information security are defined below.

1. The Company, in collecting, using, and supplying information assets during the course of its business activities, takes preventative and corrective action against nonconformities, and has defined and implements appropriate management measures in order to maintain the confidentiality, integrity, and availability of said information.
2. The Company has established an information security committee to maintain the ISMS, and appropriately manages information assets.
3. The Company handles personal information appropriately based on the Company’s Privacy Policy, in conformance with the Personal Information Protection Act.
4. The Company obeys all information security related laws and regulations.
5. The Company impresses on all employees involved in business activities the importance of information security, makes them thoroughly aware of appropriate use of information assets, and provides the training and education required to appropriately use said information assets.
6. The Company regularly audits information security compliance conditions, and strives to ensure information security while continuously implementing and improving its ISMS.

November 25, 2024