Basic Information Security Policy

established on December 8, 2005
Revised: June 26, 2013

As an entity providing services related to the Internet, an increasingly central social infrastructure, Internet Initiative Japan Inc. (hereinafter called the "Company") will offer its clients secure and reliable services. By doing so in joint efforts with its clients, it will seek to pave the way toward a new network society.

In this context, the Company acknowledges its important duty to ensure information security by protecting information entrusted to its care by clients and by protecting other information assets held by the Company against threats. The Company will also seek to fulfill this duty by implementing appropriate systems for controlling the security of such information.

Thus, the Company has taken a company-wide risk management approach and established an information security management system that it will diligently operate and maintain, and has established a basic policy for information security that constitutes a code of conduct for establishing information security within the Company. The Company hereby declares that all employees will undertake their duties according to ethical standards, in full compliance with the policy.

1. The Company will comply with the Telecommunications Business Law, the Personal Information Protection Law, and all other rules, regulations, ordinances, guidelines, and contractual obligations pertaining to information security.
2. The Company will appoint a Chief Information Security Officer (CISO) and establish an Information Security Committee to implement and maintain a company-wide system for information security.
3. The Company will proceed in its operations in full acknowledgment of its social obligation to educate all employees in the appropriate handling of information assets.
4. The Company will identify any threats to information assets and continuously analyze and evaluate the risk to establish an appropriate system, administered according to the gravity and purpose of each information asset.
5. The Company will implement reasonable measures against any identified threats based on the results of risk analysis to secure the confidentiality, integrity, and availability of information assets, and to ensure the safety and security thereof.
6. The Company will undertake periodic internal and external audits to assess the suitability of information security measures in force and to improve such information security measures continuously.
7. Should a lapse in information security occur, the Company will institute prompt response to minimize any potential damage.

Eijiro Katsu,
Member of the Board, Representative Director
President and Co-CEO & COO
Internet Initiative Japan Inc.

For any inquiries related to the above matters, please contact us at info@iij.ad.jp.