Security Policy

Organic AI Inc. Information Security Policy

Organic AI Inc. (hereinafter referred to as “the Company”) is expanding its business with the mission of:

Based on these principles, the Company hereby establishes an information security policy, aiming to build, operate, and maintain an information security management system.

Establishing an Information Security Framework
The Company is committed to protecting all its information assets. By complying with laws and other regulations related to information security, we aim to build a highly secure information security management system that gains society’s trust.

Appointing an "Information Security Manager"
We will appoint an "Information Security Manager" and organize an Information Security Committee. This structure will allow us to accurately grasp the company-wide status of information security and swiftly implement necessary measures through proactive activities.

Establishing Internal Regulations for Information Security
Based on this information security policy, we will establish internal regulations related to information security. These will clearly outline the handling of all information assets, not just personal data. We will also communicate both inside and outside the company that we take a strict stance against information leaks or breaches.

Enhancing the Audit System
We will develop a system that enables internal audits of compliance with the information security policy, regulations, and rules. Furthermore, to ensure more objective evaluations, we will continue to undergo external audits. By conducting these audits systematically, we will demonstrate that employees are adhering to the security policies.

Realizing Systems with Thorough Information Security Measures
To prevent unauthorized access, leakage, alteration, loss, destruction, or disruption of our information assets, we will implement systems that incorporate thorough security measures. These measures include working in high-security areas, granting access based on the “need-to-know principle*,” and restricting database access, ensuring complete control over data and system access.
*The “need-to-know principle”: The rule that information is only shared with those who need to know it, and not with those who do not.

Improving Information Security Literacy
We will ensure that all employees and related personnel receive security education and training, enabling everyone involved with our information assets to carry out their duties with a high level of information security literacy. Additionally, we will continue to provide training to adapt to the constantly changing environment.

Strengthening the Management of Outsourced Contractors
When entering into outsourcing agreements, we will thoroughly examine the eligibility of the contractors, ensuring that they maintain a security level equal to or higher than our own. To ensure this level is continuously maintained, we will regularly review outsourced contractors and work to strengthen our agreements.

Scope of the Information Security Policy
The information assets covered by this policy include all information acquired or known during the Company’s business activities, as well as all information held by the Company for business purposes. The Company’s executives, employees, temporary staff, and any contractors handling the Company’s information assets must comply with this policy.

Cloud Security Measures
This policy also applies to cloud security measures to protect information assets from all threats. We will strengthen and maintain our internal systems to provide cloud services that customers can use with confidence.

Supplementary Provisions
This Information Security Policy comes into effect on May 22, 2024.
Revision Date: August 24, 2024.