1. Purpose of Information Security

Samadhi Group (hereinafter referred to as "the Group '') engages in various businesses such as human resource development and training, educational consulting, cloud services, and the production of performing arts. Recognizing that the success of our business relies on the trust of our customers, the Group is committed to providing high-quality services tailored to their needs, with a motto of prioritizing customer satisfaction. As part of our mission and management policy, the Group is highly aware of handling various corporate and personal information in its business activities. To provide valuable services to our customers and fulfill our social responsibility as a company, we acknowledge the importance of appropriately managing and safeguarding information assets from all threats. This document outlines the purpose of establishing and managing the Group's information security.

2. Establishment, Implementation, and Continuous Improvement of Information Security Management System

To effectively manage and operate the information security of the Group, we take appropriate organizational actions to reflect strategic risk management initiatives, to establish, implement, maintain, and continuously improve an information security management system.

3. Compliance with Laws, Regulations, and Contractual Requirements

We comply with laws and/or regulations related to information security, established by the government of Japan and other authorities, as well as security requirements stipulated in legal contracts we engage.

4. Implementation of Education

The Group conducts appropriate information security education to all officers, employees, contract workers, and affiliated company employees involved in the Group's business.

5. Business Continuity Management

The Group identifies events that could cause interruptions in the Group's business, establish recovery procedures from disasters and accidents, and ensure continuity of business operations.

6. Response to Information Security Incidents

The Group has established a responsibility structure and procedures for responding to accidents related to information security, ensuring prompt and effective responses.

7. Information Security Policy for Providing Cloud Services

As a cloud service provider, the Group considers the following to meet the information security requirements for users or potential users:

• 1.Minimum information security requirements applied to the design and implementation of cloud services
• 2.Risks from authorized internal stakeholders
• 3.Multitenancy and isolation of cloud service customers (including virtualization)
• 4.Access by cloud service provider staff to the assets of cloud service customers
• 5.Access control procedures (e.g., strong authentication for administrative access to cloud services)
• 6.Notification to cloud service customers in change manageme
• 7.Virtualization security
• 8.Access to and protection of data of cloud service customers
• 9.Lifecycle management of cloud service customer accounts
• 10.Disclosing guidelines to support investigations and forensics

Established on June 15, 2016
Revised on November 30, 2018

SAMADHI Co., Ltd.
CEO Hideki Aikawa