■Purpose
TYO Group makes efforts for the important and continuous management challenge of this Group to appropriately handle information of our customers and suppliers which has been obtained through our business activities and information possessed by this Group. Together with this, we recognize that the appropriate protection of these information assets is our social obligation.

With the purpose of contributing to the above, we have established this ‘Information Security Policy’ here as guidelines of our information security measures and through putting this policy into practice we aim to have an organization that is always trusted by all our stakeholders, starting with our customers.

■Scope of Application
This policy applies to all information assets possessed in relation to work, along with executives, all employees (this includes company employees, contract employees, part-time workers and outside contractors stationed at our offices; this is the same below), as well as partner companies and outside contractors employed through a contract with each company in this Group.

■Implementation Items
An Information Security Management System (ISMS) will be established and will implement the following measures.

1. The confidentially, completeness and availability of information assets that are the fundamental items of information security shall be ensured and maintained.
2. Standards that evaluate risk and a risk assessment structure shall be established.
3. Optimal information security measures shall be taken, in order to reduce risks that are made clear by risk assessments.
4. In order to appropriately handle information of our customers and suppliers, first priority should be given to this information management, there should be consideration of the type of industry and product/service similarities and then safety management measures should be taken, such as clear classification of the department with the responsibility, staff and work location.
5. There should be a complete mutual duty of confidentiality between each division of this Firm and between our subsidiaries for information of our customers and suppliers.
6. he employees, partner companies and external contractors in the scope of application shall comply with laws and ordinances related to information security and other requirements of standards and agreements.
7. Information security education and training shall be carried out on a regular basis for all employees.
8. Information security breaches and weaknesses where there is a doubt of this shall be reported and investigated.

■ Obligations and Penalties

1. The employees, partner companies and external contractors in the scope of application have an obligation to ensure the security of customers’ information assets.
2. The employees, partner companies and external contractors in the scope of application shall abide by the procedures established in order to maintain this policy.
3. The employees, partner companies and external contractors in the scope of application take responsibility to report incidents and weaknesses that have been identified.
4. The employees, partner companies and external contractors in the scope of application shall be subject to disciplinary and legal measures in the event actions have taken place that endanger not only the information assets of customers, but also the protection of information assets that are possessed by this Group in relation to work.

September 28, 2011
TYO Inc.
President
Hiroaki Yoshida

【Revision Record】
Revision resolution at TYO Inc., Board of Directors’ Meeting, September 28, 2011