Information Security Management Systems

1. Certification date	January 5th, 2012
2. Certification body	Bureau Veritas Japan Co., Ltd.
3. Certification number	4595513 (Renewal date: January 5th, 2021)
4. Scope of certification	The following operations of the company constitute its information security management system which has been certified under ISO 27001 at this time. Sale of integrated devices and provision of related technical support Provision of technical support related to FA systems Development of proprietary software programs (production management systems) Contracted development of software programs for controlling manufacturing equipment Contracted development of manufacturing equipment monitoring systems Provision of technical support related to facility products
5. Applicable standard	ISO/IEC27001:2013, JIS Q 27001:2014
6. Registered approval organization	ISMS Accreditation Center (ISMS-AC)
7. Certified departments	TAKEBISHI CORPORATION (Head Office: Kyoto, Japan) Smart Factory Sales Promotion Department Solution Development Department System Engineering Department Quality Assurance Department Global Business Sales Promotion Department Corporate Planning Department Sustainability Promotion Department General Accounting Department Information Systems Department General Affairs Department

Basic Policy on Information Security Concerning ISO27001

Fundamental Principle on Information Security

Basic Policy on Information Security

1. This Policy applies to the Company’s information assets related to its specific businesses, which include the information itself as well as the Company’s operation sites and ancillary infrastructure, personnel, hardware, software, and also the services that are either used or provided by the Company.
   For this purpose, the Company is committed to ensuring the security of its information assets comprehensively, with emphasis on the maintenance of the information’s confidentiality, integrity, and usability, such that the customers’ requirements are met.
2. The Company shall set up a proper organizational structure under which this Policy will be implemented, while clearly defining the function, responsibility, and authority of each employee, department, etc. that comprise the structure. The Company shall also procure all necessary resources to achieve this objective.
3. The Company shall conduct appropriate risk management by implementing human-resource-based, organizational, and technological measures to protect its information assets from unauthorized access, leakage, falsification, loss, damage, disruption of use, etc., and to manage and utilize the information assets appropriately.
4. The Company shall comply with all applicable information security laws and regulations, all contracts that have been executed with the customers, and its internal procedures that are separately specified.
5. The Company shall properly manage all personal information according to its internal regulations that conform to the Act on the Protection of Personal Information.
6. The Company shall provide education and training to all its employees, etc., that must use its information assets so that they thoroughly recognize the importance of information security as outlined in this Basic Policy.
7. The Company shall implement its information management system including its risk evaluation standards and risk assessment protocols to manage and utilize its information assets safely and appropriately, while periodically reviewing, revising, and improving the system as needed.
8. If any act is found to have been committed by any party that threatens the Company’s information security under this Basic Policy, the Company shall deal with such a party in a decisive manner, which may include taking any appropriate legal action.