Policy on Information Security

1. Objectives and scope of information security

Solasto believes that information security is the foundation for earning the trust of its stakeholders and takes the necessary and appropriate measures from the perspectives of organization, human resources, physical security, and technology in order to protect information assets and manage risks.

2. Responsibilities and roles concerning information security

All executives and employees of Solasto shall be aware of their responsibilities and roles concerning information security and comply with all of the requirements of the related laws, regulations, contracts, as well as internal regulations that ensures the fulfillment of such requirements. Solasto shall designate a person and a team responsible for information security and establish a system for promptly implementing information security activities within the organization.

3. Managing information security risks

Solasto shall assess risks to identify and prioritize risks associated with the confidentiality, integrity and availability of information security measures. Solasto shall then formulate and implement appropriate plans for responding to the risks.

4. Information security education

Solasto shall provide information security education to all of its officers and employees and will provide education on an ongoing basis to raise awareness of information security and encourage responsible behavior.

5. Response to information security incidents

All of the executives and employees shall recognize Solasto's vulnerabilities and the threat of the loss of confidentiality, integrity or the availability of information security systems due to an incident, accident, disaster or other cause and strive to prevent incidents from occurring. In the event of an incident, Solasto will respond promptly in accordance with its response plans, such as containment and elimination of the incident and recovery from the incident.

6. Continuous improvement of information security

Solasto strives to continuously improve information security by regularly evaluating the effectiveness of information security rules and measures and implementing appropriate improvement measures.