Information Security Policy

Basic Principles

Sansan, Inc. (hereinafter “the Company”or “Sansan”)operates with the mission of “Turning encounters into innovation.”

Weconsider customer information and other information assets wedeal with in the course of ourbusiness to be of the utmost importance as a management foundation.

To protect information assets from security risks such as leaks, damage, or loss, all personnel,including executives and staff who deal with information assets,shall comply with thispolicy and carry out measures to ensure information security in terms of its confidentiality, integrity, and availability.

  • Enacted: 05/01/2021
  • Sansan, Inc.
  • Representative Director/CEO:Chika Terada

Basic Policy

  1. We haveformulated an Information Security Policy, along with relevant regulations to protect information assets. we shall adhere to these when conducting business while upholding applicable laws, regulations, and other standards relating to information security and agreements with customers.

  2. We shall clarify the criteria for analyzing and assessing existing risks to information assets such as leaks, damage, loss, etc., and establish a systematic process for risk assessment to be carried out regularly. In addition, we shall implement necessary and appropriate security measures based on the outcome of this assessment.

  3. We shall establish information security systems centered on executive officers and clarify their authority and responsibilities for information security. In addition, we shall regularly implement education, training, and awareness-raising campaigns to ensure all employees recognize the importance of information security and the proper handling of information assets.

  4. We shall regularly perform checks and audits on compliance with information security policy and information asset handling. We shall take prompt corrective action for any inadequacies or points requiring improvement that are discovered.

  5. We shall implement appropriate procedures for dealing withinformation securityevents orincidents. We shall establishpreemptive response proceduresto minimize damage inthe unlikely chancethat asecurity event or subsequentincident occurs, allowing usto respond promptly and take the appropriate corrective actions when necessary.

  6. We shall establish an information security management system that sets goals for realizing ourbasic principles. We will continuously review and improvethe systemduring itsimplementation.