INFORMATION SECURITY
BASIC POLICY

Information Security Basic Policy

Our company is involved in the planning, creation of materials and video content for the advertising and promotion of prescription drugs, and the importance of maintaining credibility in this business is crucial not only to our customers, but also to society at large. Our primary responsibility is to maintain a high level of confidentiality of our clients' information and to maintain an extremely stable information system environment for our clients to use. In addition, all employees must be aware that the planning, creation of materials and creation of video content for the advertising and promotion of our ethical pharmaceutical products is dependent on the trust of our clients and society at large.
To fulfil these responsibilities imposed on us, a basic information security policy has been established and all subjects are to act in accordance with the established policy, which is set out below.

1. Establish an organization with management participation to promote and improve information security activities. It shall also define roles and responsibilities for the management of information and ensure that the information security management system is fully operational.


2. Our employees shall act responsibly and comply with the Information Security Policy and relevant laws, regulations and contractual obligations.


3. Establish criteria for assessing risks, identify risks to information assets and execute a risk response plan.


4. To protect the information entrusted to us by our clients and to continue our business, the information processing facilities and related equipment are strictly protected against accidents, disasters and external disturbances.


5. The information security management system is regularly reviewed in order to assess its effectiveness and make improvements where necessary. In addition, regular internal audits are carried out to clarify compliance with the established rules.


6. Define emergency measures in the event of an accident or disaster to the services provided by us and take measures to ensure the continuation of our business without delay.


7. All employees and others involved with information assets in the scope of application are educated and trained on the basic policy, relevant standards and procedures on information security, in order to have the necessary competence for their work.

August 1, 2024

Takeshi Matsuoka
Chief Executive Officer
Interscience Co.,Ltd.