Basic Policy on Information Security

Sumisho Realty Management Co., Ltd. (hereafter, “SRM”) is a group of real estate professionals that leverages a variety of information assets with the objective of providing superior investment opportunities and high-quality service. SRM has always worked to thoroughly ensure compliance. It believes that one of its social responsibilities is to safeguard the information in its possession from threats including fraud, cyberattacks, and disasters, and to ensure that information is safe and secure for all stakeholders—including investors—and for society.

SRM recognizes that managing information security is one of the key issues in compliance and risk management, and as such is committed to working on information security management companywide based on the following policies.

1. Responsibilities of Management Team

Under management’s leadership, SRM will systematically and continuously work on information security management.

2. Information Security Management Structure

SRM will establish the systems necessary to maintain and continuously improve information security, and ensure all employees are aware of and in compliance with any relevant regulations.

3. Protection of Information Assets

SRM will implement information security measures of an organizational, personnel, physical, and technical nature and strive to protect any and all information assets under its management.

4. Education and Training

SRM regularly provides education and training to its officers and employees to ensure understanding of their responsibilities and obligations as they relate to information security, acquisition of the requisite skills and knowledge, and the continuous heightening of their awareness.

5. Legal and Regulatory Compliance

SRM pledges to comply with information security-related laws and regulations, and to satisfy its contractual obligations.

6. Responding to Incidents and Accidents

SRM will work to improve its systems to facilitate quick, appropriate responses to incidents and accidents related to information security. In the unlikely event an information security incident or accident does indeed occur, SRM pledges to respond promptly and appropriately, work to mitigate damage, and take measures to prevent recurrence of such an event.

7. Continuous Improvement

SRM will strive for constant improvement to maintain and enhance its information security management system and security measures.