Basic Information Security Policy
MIRARTH HOLDINGS Group (hereinafter, the "Group") handles a variety of information assets, including information entrusted and provided by customers and all other related parties, and information retained by the Group, in the course of carrying out various businesses to evolve into a future environment design company that make the future of people and the earth happier.
With the security of information assets as one of the Group’s most important management measures, the Group established an "Basic Information Security Policy" for the Group to protect information assets from internal and external threats and attacks, to live up to the trust of customers, stakeholders and society, and to take appropriate organizational, human, physical, and technological measures.
-
1. Establishment of Information Security Management System
In order to properly manage and protect information assets, the Group established an operational management system that enables the implementation of necessary security measures based on security risk analysis.
-
2. Information Security Education and Training
The Group continuously provides necessary education and training to all employees and related parties of the Group to improve their information security literacy and to properly manage information assets.
-
3. Compliance with Laws and Regulations and Contractual Requirements
All employees and related parties of the Group are required to check and keep up-to-date on the laws, regulations and rules concerning information assets as well as requirements and obligations under security-related contracts with customers, and to comply with and not violate said laws, regulations and rules.
-
4. Responses to Violations and Accidents
In the event of a violation of laws and regulations, a breach of contract, or an accident occurring in connection with information security, all employees and related parties of the Group will try to prevent a recurrence by working quickly to restore the situation and minimize damage.
In addition, the Group will appropriately report the violation, breach or accident to the relevant internal and external parties and authorities, as the situation requires. -
5. Continuous Improvement
The Group will continue to improve information security management through periodic evaluation and review of the above.
October 1, 2022