East Nippon Expressway Company Limited

Expressway service

NEXCO EAST

Information Security Policy

East Nippon Expressway Company Limited (“the company”) recognizes that the information assets in its possession are constantly under threat from various sources. To ensure the security of personal data and all other important information assets, and to further reinforce trust with its customers and society as a whole by actively disclosing information, the company has set out the following Information Security Policy and implements companywide information security measures accordingly.

Definition

The term “information assets” refers to information handled by the company in the course of its business activities and all systems required in order to handle the relevant information.

Scope

This policy is applicable to all persons who come into contact with information assets in the possession of the company, including employees working for affiliated companies and temporary employees as well as the company’s own directors, officers and employees.

Operating framework

The company will put in place the necessary operating framework to implement information security measures, including formulating information security regulations and appointing an information security officer, and will continually work to maintain and improve information security.

Information security measures

The company will protect information assets from all threats, including eavesdropping, intrusion, falsification, deletion, theft or leakage, and will take adequate physical, human and technical measures to ensure their security. In the event of a genuine threat to the security of information assets, the company will make every effort to minimize any loss or damage, quickly identify the cause of the threat and prevent a recurrence.

Training

The company will provide necessary information security training for all persons handling information assets and will continually work to maintain and raise awareness of the need for information security measures.

Evaluation and reviews

The company will regularly evaluate and review its information security regulations and continue to make any necessary improvements.

Legal compliance

All directors, officers and employees will comply with information security legislation, rules and regulations, and any other obligations set out in security agreements concluded with the company’s customers.

Management liability

Directors will take responsibility for ensuring the security of information assets and implementing information security measures.

Disclosure

The company will inform all persons handling information assets of this policy and make details of this policy available to the public.