Information Security Policy

Kataro!! Inc. (in preparation for establishment) (hereinafter "the Company") upholds the vision of "Becoming a Key Driver in the AI Era" and operates an "AI-related services and data solutions business." The information assets handled in our business, including customer information, are extremely important as the foundation of our management. All individuals handling the Company's information assets, including officers and employees, shall comply with this policy, recognize the importance of protecting information assets from information security risks, and practice activities to maintain the confidentiality, integrity, and availability of information assets.

Fundamental Policy

1. We shall establish an information security policy to protect information assets, conduct business in accordance with it, and comply with laws, regulations, and other norms related to information security, as well as contractual obligations with customers.
2. We shall establish clear criteria and systematic risk assessment methods for analyzing and evaluating risks such as leakage, damage, and loss of information assets, conduct regular risk assessments, and implement necessary and appropriate security measures based on the results.
3. We shall establish an information security structure centered on the responsible officer, clarify authorities and responsibilities related to information security, and conduct regular education, training, and awareness activities to ensure all employees recognize the importance of information security and handle information assets appropriately.
4. We shall regularly inspect and audit the compliance status of the information security policy and handling of information assets, and promptly take corrective actions for any deficiencies or improvements identified.
5. We shall take appropriate measures for information security events and incidents, and establish response procedures in advance to minimize damage in the event of occurrence, respond promptly, and take appropriate corrective actions. In particular, for incidents that may cause business interruption, we shall establish a management framework and conduct regular reviews to ensure business continuity.
6. We shall establish an information security management system with defined objectives to realize this policy, implement it, and continuously review and improve it.