Basic Policy on Information Security

The Cosmo Energy Group Management Vision is, “In striving for harmony and symbiosis between our planet, man and society, the Cosmo Energy Group aims for sustainable growth towards a future of limitless possibilities.” As part of our efforts to achieve this vision, we recognize information assets to be a valuable management resource. Accordingly, the Cosmo Energy Group Code of Conduct mandates that we properly handle information to fulfill our commitment as an honest corporate group. This policy is based on our Management Vision and Code of Conduct and outlines our basic approach to protecting the confidentiality, integrity, and availability of information assets utilized in the Group’s business activities against any threats.

1. Legal compliance

We comply with all relevant laws and regulations related to information security, including Japan’s Personal Information Protection Act, national guidelines, and social norms.

2. Information security management system

In order to protect and properly manage all the information assets the Group possesses, we establish the needed rules and systems to enable swift implementation of information security measures.

3. Promotion of appropriate information security measures

We identify risks related to information assets, such as unauthorized access, information leakage, and falsification, and take the measures that are necessary. In addition, we maintain a response and recovery system to address unforeseen incidents and prepare plans for rapid information system recovery.

4. Continuous improvement

We strive to continuously improve the level of information security by regularly reviewing internal rules, employee training, and security measures, as well as internal organizations and systems related to information security.

5. Communication and education

We actively share this policy with officers, employees, business partners and other stakeholders. We continuously carry out relevant training and awareness-raising activities in an effort to improve the Group’s information management system while enhancing information security literacy.

Established: February 10, 2022