Prodigic Consulting Co., Ltd. (hereinafter referred to as the “Company”) recognizes the information assets it owns, as well as those entrusted to it by customers and other stakeholders, as important assets that form the foundation of its business operations.
To maintain the confidentiality, integrity, and availability of information assets and appropriately protect them against information security risks, the Company hereby establishes the following Basic Information Security Policy.
1. Basic Policy and Management Responsibility
The Company regards information security as an important management priority and is committed to the proper management and protection of information assets.
The Company’s representative bears ultimate responsibility for information security and promotes the implementation of necessary measures and their continuous improvement.
2. Compliance with Laws, Standards, and Contractual Obligations
The Company identifies and complies with all applicable laws and regulations, relevant standards, contractual obligations, and other requirements relating to information security.
3. Management of Information Assets
The Company implements organizational, personnel, physical, and technical information security measures in accordance with the importance of and risks associated with the information assets it handles.
The Company appropriately manages devices, information systems, cloud services, websites, electronic media, documents, authentication credentials, and other resources used in its business operations.
The Company also implements backups and other measures necessary for business continuity according to the importance of the relevant information assets.
4. Management of Information Security Risks
Taking into account the nature of its business, the information assets it handles, and the surrounding information security environment, the Company identifies and assesses information security risks and implements necessary and appropriate measures according to their significance.
With regard to information systems and software, the Company endeavors to ensure appropriate maintenance and management while taking into consideration vulnerabilities, unauthorized access, malware, and other threats.
5. Response to Information Security Incidents
When the Company becomes aware of an information security incident or a potential incident, it promptly investigates the situation and takes action to prevent further damage, notify relevant parties, determine the cause, and prevent recurrence.
Where reporting or other action is required under applicable laws, regulations, or contractual obligations, the Company responds appropriately.
6. Management of Contractors and Other Service Providers
When outsourcing all or part of its operations, the Company selects contractors appropriately according to the nature of the outsourced work and the importance of the information to be handled.
The Company also implements necessary contractual and other measures and exercises necessary and appropriate management and oversight regarding the handling of information assets by contractors.
7. Education and Awareness
The Company communicates the importance of information security and the necessary measures to all persons who handle information assets and endeavors to provide appropriate education and promote awareness.
8. Continuous Improvement
Taking into account changes in laws and regulations, technology, threats, business activities, and other relevant circumstances, the Company reviews this policy and its information security initiatives as necessary and endeavors to achieve continuous improvement.
Prodigic Consulting Co., Ltd.
Keiji Yamamoto
President & Representative Director
Established: July 13, 2026
