Information Security Policy Statement

Established: September 1, 2010

Intent

IIJ Global Solutions Inc. (“Company”) is committed to protect information assets of both Company and its customers. Company will establish, operate, maintain and improve an effective information security management system based on this Policy to promote trust in the Company and drive sound business in a responsible manner.

1. Scope

This Policy applies to all the information assets and systems associated with Company’s operations, and all the personnel involved with the information assets and systems.

2. Supporting documents

Company’s security policy is comprised of this Policy and various security standards and procedures. All the personnel shall comply with this Policy and the standards and procedures.

3. Compliance

Company shall comply with Telecommunications Business Act, Act on the Protection of Personal Information and other laws, governmental regulations and guidelines relating to information security and, as well as contractual security requirements.

4. Organization and responsibility

Information Security Management Office shall, in accordance with this Policy, and with the participation and support of the Company’s Management, develop and implement a management structure for the construction and maintenance of an information security management system.

5. Risk management

Company shall conduct risk assessments to identify Company's information assets, risks and appropriate security measures. Based on the results of the risk assessments, Company shall implement cost-effective risk treatments to ensure confidentiality, integrity and availability of the information assets.

6. Changes in the business environment

Company shall review this Policy, the risk treatments, security standards and procedures periodically to address changes in the business environment. Company shall update them if necessary to maintain appropriate level of security.

7. Protection of personal information

Company shall establish Privacy Policy and implement proper handling and safeguarding of personal information.

8. Education and Training

All the personnel shall receive education and training to understand the mission-critical nature of information security and the proper handling of information.

9. Business continuity plans

Company shall implement business continuity plans to minimize the impact of accidental or intentional incidents to ensure its operations are continued or recovered in planned time frames.

10. Auditing

Company shall have internal and external audits periodically. Such audits provide Company with objective evaluations of its information security postures and feedbacks for continuous improvements.

Yoshinobu Inoue, Representative Director, President
IIJ Global Solutions Inc.