MedPeer, Inc. (hereinafter the “Company”) is committed to maintaining an advanced information security management framework complying with our Information Security Policy and Behavioral Guidelines for the Protection of Personal Information (Privacy Policy), which are provided separately.
1. Objectives of information security
The Company has established the following security objectives and will ensure that various measures are implemented to achieve them.
- Respecting and complying with customer contracts and legal or regulatory requirements.
- Preventing information security incidents before they occur.
- Protecting information assets from information security threats.
2. Establishing an information security management framework
We strive to protect all information assets held by the Company and comply with laws, regulations, and other norms related to information security, establishing a highly secure information security management framework to ensure trust from society.
3. Appointment of a Chief Information Security Officer
We have appointed a Chief Information Security Officer (CISO) and have formed an Information Security Committee. These steps enable us to accurately assess the status of information security company-wide, proactively implementing necessary measures in a timely manner.
4. Creation of internal information security rules
Internal regulations have been established based on our Information Security Policy. These regulations clearly state our policies on handling personal information and general information assets. They also thoroughly clarify, both internally and externally, our strict attitude toward information leaks.
5. Improvements and enhancements to the audit framework
We will establish a framework to conduct internal audits of our compliance with our information security policies, regulations, and rules. Additionally, in principle, we will undergo a yearly third-party audit to obtain a more objective evaluation. By systematically performing these audits, we can certify that all employees comply with our security policy.
6. Implementing a system with thorough information security measures
We will implement a system that reflects our thorough measures to prevent unauthorized intrusion into, and leakage, falsification, loss, or destruction of, information assets, as well as interference with their use. Our countermeasures include having certain operations restricted to high-security areas, restricting database access rights, and other measures that thoroughly control access to data.
7. Improving information security literacy
We ensure that all staff and temporary employees receive thorough security education and training, and that everyone working with our information assets can perform their duties while being literate in information security.
We will continue to provide education and training to our staff to respond to ever-changing circumstances.
8. Enhanced management framework for subcontractors
When entering into an outsourcing contract, we will thoroughly examine the subcontractor’s eligibility and request that they maintain levels of security equal to or higher than that of the Company. To ensure security levels are being appropriately maintained, we will continually review our subcontractors and strengthen our contracts with them.
9. Scope of information security policy
The information assets covered by this policy include all information obtained or learned in the course of the Company’s corporate activities and all information held by the Company during our work. This policy applies to directors, staff, temporary employees, and others involved in the handling and management of these assets, and to subcontractors and their employees.
MedPeer, Inc.
President: Yo Iwami
Established: April 10, 2010
Revised: November 25, 2020