1　Purpose

TRY is a company engaging in the businesses of printing and production of advertising/promotional materials (design, editing, website production, event displays, video production, sales promotion, etc.). In the course of these business activities we are entrusted with large amounts of information assets including personal information and confidential information from our stakeholders (all parties involved in our business). It is our conviction that protection of these information assets is our company’s social responsibility and an important obligation of our business. Therefore, in order to fulfill this obligation in our business activities, it is our purpose to adhere strictly to the basic policy stated herein and, in doing so, achieve safe business practices free of information security risk that will ensure a high level of satisfaction for our stakeholders and increase our corporate value.

2　Definition of Information Security

We define information security as achieving and maintaining confidentiality, integrity and availability with regard to information.

• (1) Confidentiality: The state in which information cannot be accessed by or disclose to unauthorized individuals, entities (organizations, etc.) or processes. (Protecting the information against unauthorized disclosure or access.)
• (2) Integrity: Protecting the accuracy and integrity of information assets (Protecting information from manipulation/falsification and mistaken content.)
• (3) Availability: The state in which it is possible for authorized individuals or entities (organizations, etc.) to access or use information upon request. (Protecting information from being lost or damaged or made inaccessible due to system failure.)

3　Scope of Application

• Organization: TRY Co., Ltd.
• Facility: Inside the TRY headquarters building
• Business: Printing and production of advertising/promotional materials
• Assets: Documents and data used in the abovementioned business activities
• Network: Companywide [in-house] network

4　Operations

• (1) Establishment, implementation, operation, surveillance, review and maintenance of an information security management system to protect the information assets concerned from any and all threats (unauthorized disclosure, unauthorized access, manipulation/falsification, loss or destruction).
• (2) Strict compliance with all related laws and contract requirements in the handling of information assets.
• (3) Formulation and regular review of preventative measures and recovery procedures to prevent the interruption of business activities due to major obstructions or natural disasters.
• (4) Conducting regular education/training of all employees involved regarding information security.

5　Responsibility and Duties and Punitive Measures

• (1) Information security is the responsibility of the company president. To fulfill this responsibility, the president provides the personnel involved with the resources needed to perform the necessary operations to ensure information security.
• (2) The personnel involved carry out the duties of protecting customer information fully and with diligence.
• (3) The personnel involved must follow the procedures laid down for maintaining the policy defined herein.
• (4) The personnel involved must fulfill with diligence their responsibility to report any accidents or system/managerial weaknesses related to information security.
• (5) In the case of any personnel involved taking actions that endanger the protection of customer information or any other information assets entrusted to the company, they will be subject to punitive measures under the dictates of our company’s corporate regulations.

6　Regular Review Procedures

The information security management system will be reviewed on a regular basis and revised as necessary to keep pace with changes in the business and information security environment.