As an entity providing services related to the Internet, an increasingly central social infrastructure, IIJ America Inc. (hereinafter called the "Company") will offer its clients in North America secure and reliable services. By doing so in joint efforts with its clients, it will aim contribution for customers' business transformation and growth. 

In this context, the Company acknowledges its important duty to ensure information security by protecting information entrusted to its care by clients and by protecting other information assets held by the Company against threats. The Company will also seek to fulfill this duty by implementing appropriate systems for controlling the security of such information. 

Thus, the Company has taken a company-wide risk management approach and established an information security management system that it will diligently operate and maintain, and has established a basic policy for information security that constitutes a code of conduct for establishing information security within the Company. The Company hereby declares that all employees will undertake their duties according to ethical standards, in full compliance with the policy.

1. The Company complies with applicable local, state, or federal laws, and all other rules, regulations, ordinances, guidelines, and contractual obligations pertaining to information security.
2. The Company appointed a Chief Information Security Officer (CISO) and establish an Information Security Committee to implement and maintain a company-wide system for information security.
3. The Company proceeds in its operations in full acknowledgment of its social obligation to educate all employees in the appropriate handling of information assets.
4. The Company identifies any threats to information assets and continuously analyze and evaluate the risk to establish an appropriate system, administered according to the gravity and purpose of each information asset.
5. The Company implements reasonable measures against any identified threats, based on risk analysis, to protect the confidentiality, integrity, and availability of its information assets.
6. The Company conducts periodic internal and external audits to assess and continuously improve its information security measures.
7. In the event of an information security lapse, the Company will respond promptly to minimize any potential damage. Makiko Akagi Chief Operating Officer IIJ America Inc.