Security Policy

Tryon Corporation (hereinafter referred to as "Tryon") strongly recognizes the need for more than adequate consideration regarding the "information" that handles our customers' information assets. To this end, we have established the following "Basic Policy on Information Security" to guide us in implementing appropriate protection measures for the information assets we handle. All executives and employees of the Company shall fully understand the purpose of this policy and shall carry out their duties accordingly.

- Maintenance of Information Security

As part of information security, we shall ensure and maintain the confidentiality, integrity, and availability of information assets entrusted to us by our customers, personal information collected by us, and information assets in our possession.

- Scope of Application

The scope of application shall include all information obtained and acquired in the course of our business activities and all information held by us in the course of our business activities, our employees involved in the handling and management of such information assets, human assets such as employees stationed at customer sites, and contractors and employees who handle our information assets.

- Appointment and Obligation of Managers

Appointment of Information Security Manager (Director).The appointed information security manager shall confirm and supervise that appropriate information security is being operated, and shall implement, operate, maintain, and improve an appropriate information security management system to protect information from unauthorized exposure, alteration, or interference with business operations.The President will provide the necessary resources for all information security management system activities, approve the established information security management system, and review it periodically.

- Identification of Information Assets and Selection of Risk Assessment and Control Measures Identify personal and trade secret information.

For the identified information assets, we determine the level of security and risk assessment methods appropriate to the size and nature of our business, and select reasonable and appropriate control measures to protect them.The results of this risk assessment, as well as the level and risk assessment methods, will be reviewed in response to changes in the organizational, business, technological, social, and other environments.

- Personal Information Protection

In addition to implementing management measures to protect the personal information we handle, we respect the "right of the subject of information to control his/her own personal information" and manage the collection, use, and modification of personal information in accordance with laws and regulations (guidelines).

- Compliance with Laws and Regulations

We manage personal information in accordance with the Personal Information Protection Law and confidential information of clients and our company in accordance with the Unfair Competition Prevention Law. In addition, we shall properly manage software, etc. to respect the rights of copyrighted works in accordance with the Copyright Act. Clarify and comply with other laws and regulations relevant to our business.

- Employee Obligations

All employees, including contract employees, shall act in compliance with the "Basic Policy on Information Security" and internal rules and procedures regarding information security. In case of violation, disciplinary action will be applied in accordance with our employment regulations.

- Education

Under the support of the President and Directors, the Information Security Manager shall direct employees to promote awareness and education activities regarding information security.