Information Security Policy

Good News Inc. (hereinafter referred to as "the Company") operates with the philosophy of "Creating a future where everyone can work happily together."

The information assets handled in our business, including customer information, are extremely important to the Company's management foundation.

Recognizing the importance of protecting these information assets from risks such as leakage, damage, or loss, the Company ensures that officers and employees, as well as those handling information assets, adhere to this policy. They will actively engage in activities to maintain information security, including the confidentiality, integrity, and availability of information assets.

1. To protect information assets, we will establish an information security policy along with relevant regulations, and conduct business in accordance with these. We will also comply with applicable laws, regulations, other standards related to information security, and contractual obligations with customers.
2. We will establish clear criteria for analyzing and assessing the risks of leakage, damage, loss, etc., related to information assets, and create a systematic risk assessment method. Additionally, we will conduct regular risk assessments and implement necessary and appropriate security measures based on the results.
3. We will establish an information security system centered around the responsible executive and clarify the authority and responsibilities related to information security. Additionally, to ensure the proper handling of information assets, we will regularly conduct education, training, and awareness programs so that all employees recognize the importance of information security.
4. We will regularly conduct inspections and audits regarding compliance with the information security policy and the handling of information assets. Any deficiencies or areas for improvement identified will be promptly addressed with corrective actions.
5. We will take appropriate measures in response to information security events and incidents. In the event that such incidents occur, we will establish procedures in advance to minimize the damage. In case of emergencies, we will respond swiftly and take appropriate corrective actions. Additionally, for incidents that may lead to business interruptions, we will establish a management framework and regularly review it to ensure the continuity of our business operations.
6. We will establish an information security management system with clearly defined goals to realize our fundamental principles, implement it, and continuously review and improve it.