Information Security Policy

[Translation] Information Security Policy
Important Note regarding the English Translation
This document is an English translation of the original Japanese Information Security Policy provided for reference and convenience purposes only. This translation does not have any legal force or effect. In the event of any discrepancy, contradiction, or inconsistency between this English translation and the original Japanese text, the Japanese text shall prevail in all respects. The Company assumes no responsibility for any direct, indirect, or other forms of damages arising from any misunderstanding or misinterpretation of this translation.

Bitkey Inc. (hereinafter referred to as “the Company”) operates its business based on the corporate philosophy: “Let’s connect. People can be freer.”
We recognize that the information systems and information assets held by the Company, including customer information obtained through the products and services provided by the Company, are extremely important as the foundation of our management, and that protecting them from all threats such as unauthorized access, crime, leakage, and disasters is a critical management issue. Furthermore, our officers and all employees recognize the importance of protecting information assets and act with high security awareness to maintain trust with customers. To accomplish and develop the Company’s business objectives, we shall comply with this Policy and practice activities to maintain information security, ensuring the confidentiality, integrity, and availability of information assets.

1. To protect information assets, we shall formulate an Information Security Policy and related regulations, conduct business in accordance with them, and comply with laws, regulations, and other norms related to information security as well as contractual matters with customers.
2. We shall clarify criteria for analyzing and evaluating risks existing for information assets, such as leakage, damage, and loss, establish a systematic risk assessment method, and conduct periodic risk assessments. Furthermore, based on the results, we shall implement necessary and appropriate security measures.
3. We shall establish an information security structure centered on the officer in charge and clarify authority and responsibility regarding information security. In addition, we shall regularly conduct education, training, and awareness activities to ensure that all employees recognize the importance of information security and handle information assets appropriately.
4. We shall periodically inspect and audit the status of compliance with the Information Security Policy and the handling of information assets, and promptly take corrective measures for any discovered defects or items for improvement.
5. We shall take appropriate measures regarding the occurrence of information security events and incidents. In the unlikely event that they occur, we shall have established response procedures in advance to minimize damage, respond promptly in an emergency, and take appropriate corrective measures. In particular, for incidents involving business interruption, we shall ensure the Company’s business continuity by establishing a management framework and reviewing it periodically.
6. We shall establish an Information Security Management System setting goals to realize the Basic Philosophy, execute it, and continuously review and improve it.

June 1, 2023

Bitkey Inc.
Masanori Hotsuki, Representative Director and CEO