Information Security Policy

We, at Central Nippon Highway Engineering Tokyo Company Limited, are highly aware of the fact that the information assets held by the Company are constantly exposed to various threats, and we will further solidify the relationship of trust with our customers and society by ensuring the security of important information assets, including personal information, and by proactively disclosing information. To this end, we hereby establish the guiding principles for information security and promote company-wide initiatives for information security measures.

(Definition)

Information assets shall refer to information handled by the Company in the course of its business activities and information systems necessary to handle such information.

(Scope of Application)
These principles shall apply to all persons who have access to the Company’s information assets, including officers, employees, employees of affiliated companies, and temporary employees.

(Operational Framework)
The Company shall establish an operational framework for information security measures, including the establishment of regulations concerning information security measures and the appointment of a person in charge of security measures, and shall continuously implement activities including maintenance and improvement of the framework.

(Implementation of Measures)
The Company shall take appropriate physical, personnel, and technical measures to protect information assets from threats such as eavesdropping, intrusion, tampering, destruction, theft, and leakage, and to ensure the security of information assets. In the unlikely event of a security threat to information assets, the Company shall minimize the damage, promptly investigate the cause, and strive to prevent recurrence.

(Training)
The Company shall provide training on necessary information security measures to those who use information assets, in order to maintain and improve their awareness of information security measures.

(Evaluation and Review)
The Company shall periodically evaluate and review the contents of the rules and regulations concerning information security measures, striving for continuous improvement.

(Compliance with Laws and Regulations)
All officers, employees, and other concerned persons shall comply with laws, regulations, and codes related to information security, as well as contractual obligations to customers regarding security.
In addition, the compliance requirements concerning information security measures shall be clearly stated in the contracts that the Company enters into with external entities.

(Responsibility of Senior Management)
Senior management shall lead by example and take responsibility for ensuring the security of information assets and implementing the measures.

(Public Announcement)
The Company shall notify those who use the Company’s information assets of these principles, and also publicly announce the principles to the general public.