Information Security Policy

Rock Store House (including subsidiaries and affiliates; hereafter known as "Company"), has the goal of carrying out the development, introduction, application and maintenance of information systems. Our personal information handling provisions stipulate procedures for the management, safeguarding and use of all information, including confidential business information. These procedures act as guidelines for both management and staff, and the Company strives to ensure that better business practices are the driving force behind operations. The Company works to ensure it can maintain its expected duties by creating a business continuity plan, in order to play a public role in society. The Company endeavors to carry out its pertinent business activities of planning, application, management and review according to the Information Security. The Company works to adhere to this "Information Security Policy"and maintains an advanced information security management system.

Management System Architecture

We build our information security management system in such a way as to always ensure a high level of public trust, through adherance to all applicable information security laws and stipulations, and by striving to ensure the safeguarding of all information assets in the possessions of the Company.

Committee Establishment

A "Chief Information Security Officer" (CISO) will be assined, and the organization of the Information Security Committee will be established as well. In this way we can accurately grasp the information security situation, and carry out the necessary countermeasures in a streamless and assertive way.

Maintenance of Internal Regulations

We maintain internal regulations based on these information securities policies, dealing in a strict manner both inside and outside the company with any kind of information leakage (including personal information) from the whole of our information assets, making our policies on the issue clearly known and understood.

Enhancement of Auditing System

We continue the maintenance of our system to conducting internal audits with regards to compliance to information security policies, regulations and rules. Also, to obtain greater objective evaluations, we continually undergo external auditing of our systems. Through the systematic enaction of these audits, we are able to certify that our security policies are adhered to by all members of our staff.

Target of this Policy

The "Information Assets" that this policy outlines includes all information obtained and come to be known through business operations as well as all information obtained through the Company's regular affairs. All executive staff, regular employees and part-time employees that have any relation to these information assets, as well as all other subcontracted and related employees, adhere to the principles of information asset handling as set out by the Company.