1. Purpose

In addition to protecting the personal information, contractual and specification information, and other confidential information entrusted to us by our customers in the course of our business, we will prevent security-related incidents and accidents by protecting and managing the assets necessary for storing and using this information and strengthening our security environment. Furthermore, by complying with all applicable laws, regulations, and rules, as well as the requirements of our customer contracts, we will act with the goal of continuing to grow and develop into a trusted company with a strong presence in the eyes of our customers."

2. Definition of Information Security

Information security refers to ensuring and maintaining confidentiality, integrity, and availability.

1. Confidentiality: The property of not making information available to or disclosing it to unauthorized individuals, entities, or processes (only those authorized to access information can access it).
2. Integrity: The property of accuracy and completeness (information is accurate and information processing methods are standardized).
3. Availability: The property of being accessible and usable when requested by authorized entities (those authorized to access information can access the information they need when they need it).

3. Scope

The scope of the Information Security Management System (ISMS) covers our entire organization and all business operations.

1. Organization: Early Reflection Inc.
2. Location Head Office: 4F VORT Jimbocho IV, 1-22-2 Kanda Jimbocho, Chiyoda-ku, Tokyo
3. Business: Planning, design, construction, operation, sales, maintenance, and all related business related to computer systems and applications.

4. Implementation Details

1. Ensure and maintain the fundamental information security requirements of "confidentiality" "integrity" and "availability"
2. Do not violate internal rules, regulations, or legal requirements.
3. Establish and regularly review prevention and recovery procedures to prevent business activities from being interrupted by serious failures or disasters.
4. Regularly provide information security education and training to all applicable employees.
5. All information security incidents, accidents, and suspected weaknesses will be reported and investigated.
6. All actual or suspected information security violations will be reported and investigated.

5. Responsibilities, Obligations, and Penalties

1. The Representative Director is responsible for information security. To this end, the Representative Director will provide all employees with the necessary resources.
2. All Employees have an obligation to protect information.
3. All Employees must follow established procedures to maintain this Policy.
4. All Employees are responsible for reporting information security incidents and weaknesses.
5. All Employees who engage in behavior that jeopardizes the protection of information assets handled by the Company are subject to disciplinary and legal action.

6. Continuous Improvement

To effectively manage ever-changing risks, management will continuously improve the Company's ISMS. Furthermore, management will establish information security objectives and targets consistent with this Policy and evaluate their progress.

Regarding ISMS Certification:

Early Reflection Inc. has obtained ISO/IEC 27001 (ISMS), the international standard for information security management.