Information Security Basic Policy

SANGIKYO CORPORATION constantly develops socially responsible management based on our corporate philosophy and provides Optimization services. To remain a company trusted by everyone, we strive to ensure information security and contribute to the healthy development of a broadband and ubiquitous society.

(1) Scope of Application

This policy applies to all information assets handled by the company and all individuals involved in our business activities.

(2) Establishment of ISMS

We will establish an Information Security Management System (ISMS) centered on the Management Workshop Committee and will work to improve information security (confidentiality, integrity, and availability of information).

(3) Assignment of Chief Information Security Officer

We will appoint a "Chief Information Security Officer" as the person with ultimate responsibility for information security protection.

(4) Development of Internal Rules Regarding Information Security

We will develop internal regulations and ensure that our strict stance toward risks—such as the prevention of information loss, tampering, leakage, and unauthorized access—is fully communicated both internally and externally.

(5) Protection of Information Assets

To recognize the importance of all information assets held, we will continuously conduct risk assessments, develop appropriate risk countermeasures, and strive to protect information assets.

(6) Implementation of Information Security Education

We will utilize our "Visualization (Optimization-Ware)" to implement information security education.

(7) Response to Information Security Incidents and Accidents

We will respond promptly to information security incidents and accidents and strive to reduce risks.

(8) Compliance with Laws and Standards

We strive to comply with all laws, other standards, and contractual obligations applicable to information security.

(9) Review and Improvement

We will periodically review and continuously improve this policy and the ISMS in accordance with changes in management policies, business content, business and social environments, technological evolution, and revisions to laws and regulations.

Established: August 1, 2005
Revised: June 29, 2009
SANGIKYO CORPORATION
President and Representative Director Michiyasu Sengoku

Overview of Information Security Management System

Certification Standard

ISO/IEC 27001:2022 + Amd 1:2024

Certification Number

J0616

Date of Initial Certification

December 28, 2009 (ISO/IEC 27001:2005)

Expiration Date

December 27, 2027 (ISO/IEC 27001:2022 + Amd 1:2024)

Certification Body

ASR Co., Ltd.

Scope of Registration

1. Design and development, equipment manufacturing, installation work, on-site adjustment testing, maintenance, and consulting of telecommunications facilities.
2. Design and development, and installation work of electrical facilities.
3. Sales of electrical and telecommunications equipment products.
4. Design and development of software.
5. Design of telecommunications equipment.
6. Management of worker dispatching services and on-site contracting services. Security management of customer data, company data, software, hardware, and networks in the above. Statement of Applicability: April 11, 2024, 10th Edition

ISO 27001 Certified Organizations

Location Name	Certified Organizations
Head Office	Corporate Secretary Business Platform Optimization Center Accounting & Procurement Dept. Motivation Engine Network Solution Division Carrier Network Dept. Fire and Disaster Prevention Solution Dept. Wireless System Dept. Core Network Division Social Infrastructure Dept. Space & Defense Dept. Business Process Engineering Dept. Power Solution Dept.
Sendai	Core Network Division Social Infrastructure Dept. Sendai Office
Osaka	Kansai Branch Osaka Sales Office
Nagoya	Kansai Branch Nagoya Sales Office