EXIM International, Inc. (hereinafter, “the Company”) has established the following basic policy for protecting the information assets it acquires and possesses from information security threats. The Company is committed to properly and safely handling those assets under this policy, so as to maintain the trust of its clients.

Basic Policy on Information Security

1. Compliance

   The Company shall comply with information security-related laws, ordinances, regulations, and social norms, and with contractual security requirements.

2. Information Security Management System

   The Company shall establish and maintain the organization needed to manage and operate its information security management system.

3. Protection of Information Assets

   The Company shall protect all information assets it acquires and possesses from information security threats.

4. Accident Prevention and Response

   The Company’s officers and employees shall endeavor to prevent the occurrence of information security accidents. In the event that such accidents occur, the officers and employees shall promptly respond with appropriate actions, including measures for preventing recurrence.

5. Education and Training

   The Company shall endeavor to improve the information literacy of all its employees by providing information security education and training aimed at instilling each employee with a thorough understanding of the importance of information security, and of the methods for proper information handling and management.

6. Continuous Improvement

   The Company shall continuously improve its information security management by regularly evaluating and reviewing the aforementioned practices.