Guiding Principle BlueIsland Ltd. (Henceforth referred to as “Our Company”) considers all information assets, including customer data, to be of essential importance in the management of Our Company. Persons who handle information assets, including directors and employees recognize the importance of protecting information assets from risks such as leakage, damage, loss, etc., shall comply with this policy, and preserve information security to ensure the confidentiality, integrity and availability of these information assets.

Basic Policy 1. In order to protect information assets, Our Company will formulate an information security policy, conduct business in accordance with this policy, and comply with laws, regulations and other norms related to information security, as well as contractual agreements with customers.

2. Our Company will determine clear standards to evaluate and analyze risks to information assets such as leakage, damage, loss, etc., establish a systematic risk assessment methodology and periodically conduct risk assessment. Our Company will implement necessary and appropriate security measures based on these results. Our Company will establish an information security framework centered on the director in charge and clarify information security authorities and responsibilities. In addition, all employees shall recognize the importance of information security, and will be regularly provided education, training and awareness to ensure proper handling of information assets.

3. Our Company shall regularly check and audit the status of compliance with the information security policy and the handling of information assets, and take corrective action promptly for any deficiencies or areas of improvement that are found.

4. In addition to taking appropriate measures in response to the occurrence of events and incidents regarding information security, Our Company shall, in advance, establish a response procedure to minimize damage, and promptly respond and take appropriate corrective actions if such an event or incident were to occur. In particular, for incidents related to business interruption, we will establish a framework for managing such incidents and conduct regular reviews to ensure the continuity of business.

5. An information security management system with set goals shall be established, implemented, and periodically reviewed and improved in order to realize our guiding principle.

January 1, 2020 Establishment
BlueIsland Ltd.