Basic Information Security Policy

Elephantech Inc. (hereinafter referred to as “the Company”) strongly recognizes that confidential information held by the company, confidential information received from customers, and personal information are information assets that should be protected. To ensure the confidentiality^*1, integrity^*2, and availability^*3 of information assets, we will strive to strengthen information security under the following basic policy.

Article 1: Management System

The Company will establish a management system under the Chief Information Security Officer, develop various regulations, and promote information security company-wide.

Article 2: Establishment of Information Security Policy

The Company will formulate an information security policy consisting of basic policy, management regulations, and guidelines, and thoroughly communicate this to all officers and employees of the Company.

Article 3: Education and Training

The Company will raise awareness of information security among officers and employees and provide education and training on information security.

Article 4: Management of Information Assets

The Company will manage and operate information assets in accordance with laws and contracts related to information security, as well as this policy and other information security policies.

Article 5: Continuous Improvement

The Company will continuously review the information security management system in accordance with this policy and improve it as necessary.

 

• *1Confidentiality: Ensuring that only those with access rights can access the information.
• *2Integrity: Protecting the accuracy of information and processing methods.
• *3Availability: Ensuring that authorized users can access information and related assets when needed.