Y-Yacht Co., Ltd. (hereinafter referred to as “Y-Yacht”) has established the following basic policies for its information security management system and information security initiatives.

１．1. Recognition of the direction and principles of activities related to information security

We believe that information assets are important management assets, and that properly protecting and managing them is an important responsibility to maintain the trust of our customers and to fulfill our social responsibility as a company.
For this reason, we have established an information security management system based on JIS Q 27001 (ISO/IEC 27001), and strive to establish and continuously improve information security.

２．Information security management system and basic policy on information security

1, Information security in our company means maintaining the confidentiality, integrity and availability of all information that we handle for business purposes.
2, We establish an information security management system to ensure the selection of adequate and well-rounded security controls that protect our information assets and provide confidence to our stakeholders.
3, In order to identify security requirements in our company, we conduct a risk assessment, taking into account our overall business strategy and objectives, to identify threats to our information assets, assess vulnerability to incidents and the likelihood of incidents, and estimate potential impacts.
4, In addition to the security requirements guided by the results of the risk assessment, we select appropriate security controls as necessary to meet legal, regulatory and contractual requirements, as well as business requirements.
5, In order to further ensure information security, we will ensure that all employees and other relevant personnel of the organization are appropriately aware of the organization’s policies and procedures as they relate to their jobs and are competent to perform their required duties through education, training, and other methods.
6, We will deal with business interruption from the effects of major information system failures or disasters, protect critical business processes from them, and ensure that business activities and critical business processes can be resumed without loss of opportunity.
7, We require our employees to comply with the information security policy and regulations regarding information security, and ensure that appropriate measures are taken for any violation of the policy and regulations.
8, We will ensure that any information security incident is immediately reported to the necessary parties.
9, We will continuously improve our information security management system and information security by regularly evaluating the effectiveness of our information security basic policy and selected security control measures, and by conducting internal audits on a regular basis.

Date of enactment: June 1, 2010
Date of last revision: August 21, 2020

Sawako Terada
Representative Director, President
Y-Y Yacht Co., Ltd.