Basic Information Security Policy

Medley Inc. (hereinafter referred to as "the Company") provides a variety of online services with the mission of "Creating the Future of Medical Healthcare." The Company believes that it is extremely important to protect and manage customers' personal information and information assets from various information systems and to ensure that customers use the Company's services with peace of mind. On ghe basis of this concept, the Company will ensure a high level of information security by establishing and maintaining an information security management system in which all executives and all employees (hereinafter referred to as "all executives and employees") will participate.

1. The establishment of an information security promotion system

An Information Security Committee consisting of the President and CEO (hereinafter referred to as the CEO) and other executive management team members will be established to discuss and determine the measures necessary for the enhancement of the Company's information security. In addition, necessary information security measures will be implemented, and the status of information security management in the entire company will be assessed using the services of information security personnel in each department.

2. Ensuring compliance with information security laws and regulations

In addition to developing in-house regulations related to the management and operation of information property in accordance with laws and regulations related to information security, all executives and employees will be made fully aware of the regulations necessary for ensuring compliance with these regulations.

3. Implementation of information security training

All executives and employees will be periodically trained in information security to ensure understanding regarding the importance of proper management and handling of information property and the apportionment of roles and responsibilities in information security promotion activities.

4. Continuous improvement of the information security management system

Periodic information security audits will be conducted, and on the basis of the results, the information security management system will be continuously improved.

5. Thorough management of outsourced activities

If activities are outsourced, a thorough review of the eligibility of contract individuals/companies from the perspective of information security will be conducted and conscientious efforts will be made to prevent the leakage of information from outsourced individuals/companies.

Date of enactment: August 23rd, 2018
Medley Inc.
President and Chief Executive Officer - Kohei Takiguchi

Return to index