MEDLEY, INC. and its group companies (hereinafter referred to as "the Group". See here for further information about the group companies) provides a variety of online services with the mission of "Creating the Future of Medical Healthcare." The Group believes that it is extremely important to protect and manage our information assets, including customers' personal information and other information, and to ensure that customers use the Group's services with peace of mind. On the basis of this concept, the Group will ensure a high level of information security by establishing and maintaining an information security management system in which all officers and all employees (hereinafter referred to as "all officers and employees") will participate.

1. The establishment of an information security promotion system

An Information Security Committee consisting of the President and CEO and other executive management team members will be established to discuss and determine the measures necessary for the enhancement of the Group's information security. In addition, necessary information security measures will be implemented, and the status of information security management in the entire company will be assessed using the services of information security personnel in each department.

2. Ensuring compliance with information security laws and regulations

In addition to developing in-house regulations related to the management and operation of information property in accordance with laws and regulations related to information security, all officers and employees will be made fully aware of the regulations necessary for ensuring compliance with these regulations.

3. Implementation of information security training

All officers and employees will be periodically trained in information security to ensure understanding regarding the importance of proper management and handling of information property and the apportionment of roles and responsibilities in information security promotion activities.

4. Continuous improvement of the information security management system

Periodic information security audits will be conducted, and on the basis of the results, the information security management system will be continuously improved.

5. Thorough management of outsourced activities

If activities are outsourced, a thorough review of the eligibility of service providers from the perspective of information security will be conducted and conscientious efforts will be made to prevent the leakage of information from service providers.