1. Definition of Information Security

Information Security shall mean to ensure and maintain the confidentiality, integrity, and usability of our information assets.

*Confidentiality shall mean that only authorized users may access to the information and the information shall never be disclosed to outside of the company.

*Integrity shall mean that the information and our information systems are accurately maintained and handling of information is always based on designated and respected procedures.

*Availability shall mean that authorized users are able to access to the information and the information systems when necessary.

2. Purpose

HENNGE shall, by appropriately handling our information assets, maintain trusts of the stakeholders, such as our customers, vendors, shareholders and employees, and fulfill our social responsibility as a company.

3. Applicable Scope of the Policy

1. To all HENNGE organizations;
2. To all HENNGE employees including HENNGE officers, employees, temporary workers, part-timers and interns, as well as subcontractors who work constantly in the HENNGE premises; and
3. To all the information which is under the custody of HENNGE and related to HENNGE's business activities.

4. Goals

1. Prevent as well as minimize occurrence of information security incidents; and
2. In case of any information security incident, minimize the damage and maintain our business continuity.

5. Framework of Risk Management

HENNGE shall conduct its risk assessment as well as risk management based on the following framework and set the management objectives as well as measures;

1. Identification and Classification of Information Assets
   Accurately identify and classify the priorities of our information assets at HENNGE;
2. Risk Assessment
   Establish criteria for risk assessment and apply them;
3. Risk Management
   Take operational, physical, and technical measures to manage risks.

6. Other Information Security Principles

1. Fulfilling the Information Security-related Obligations
   Fulfill obligations set by relevant laws and ordinances (including but not limited to those which are set forth in the Information Security Management Rules, such as (1) Unfair Competition Prevention Act, (2) Act on the Prohibition of Unauthorized Computer Access, (3) Copyright Law, and (4) Personal Information Protection Law) as well as regulations, company internal rules and contractual obligations relating to information security.
2. Implementation of Education and Awareness Programs
   Implement education and awareness programs on information security.
3. Administration of Business Continuity
   Take measures against interruptions of business activities due to major failure of information systems and/or natural disasters, protect important operational processes, and ensure recovery of business activities and important business processes.
4. Penalties against Violations
   Apply penalties against violations of our Information Security Policy.

7. Responsibility related to Information Security Management

General as well as specific responsibility lies with the HENNGE management team including directing the necessary measures as well as making announcements and reporting to outside of the company in the event of any information security incident at HENNGE.

8. Document on the Company Information Security Management System

HENNGE shall create a document on its information security management system so that information security shall be appropriately managed and maintained. Also, in order to put this Policy into practice, we will utilize the document.

9. Approval and Reviews of the Policy

This Policy is approved and shall be periodically reviewed by the HENNGE board of directors.