Beacon NC Inc. [Head Office: Sinjuku-ku, Tokyo/President & CEO: Tokuya Fujiwara] has obtained ISO/IEC 27001:2005 certification, which is a global standard for information security management systems, and JIS Q 27001:2006 certification, which is a Japanese standard as of May 3, 2009.

Information Security Policy Statement

We manage various information assets, including customer information, in operating the data center business, the ASP service, and other services. We realize that the protection of information assets from external threats is the most important management challenge. Therefore, we established an Information Security Policy to build and operate the Information Security Management System (ISMS). We consider the protection of information assets as essential, and we are taking the appropriate security measures based on the policy. We now declare the Company's effort in the security of information.

Information Security Policy

1. Establishment of Information Security Management Systems (ISMS)
We establish the information security management systems (ISMS) according to the JIS Q 27001:2006 (ISO/IEC 27001:2005) standard for the purpose of maintaining a stable business, to protect our customers' and company's information assets from all internal or external threats, whether deliberate or accidental.

2. Information Security Administrative Structure
We appoint a chief of the ISO department who has overall responsibility for ISMS. The chief of the ISO department has the responsibility to manage and to lead the organization in the establishment and operation of the ISMS, including the reporting of information security incidents or accidents. In addition, the chief of the ISO department establishes an ISO department to accurately determine the company-wide information security status and can implement the necessary countermeasures quickly.

3. Scope of Application
The Scope of Application of our Information Security Policy will be applied to the information assets related to all activities under our management and all employees including the Board of Directors. Furthermore, when our information assets are shared with a third party, the information assets will be managed and supervised appropriately.

4. Organization Risk Management
We carry out risk assessments regularly and implement risk management and countermeasures.

5. Regulations on the Security of Information
We create a manual, regulations, and procedures for operations based on the Information Security Policy and abide by them.

6. Implementation of Information Security Education
We educate all employees of the company in a positive way to be familiar with the ISMS and initiatives in information security.

7. Duties of Employees and Penalties
The employees of the Company will comply with the Information Security Policy, ISMS manual, regulations, and procedures. If they violate the above, disciplinary action will be taken based on the rules and regulations.

8. Periodic Reviews
We review and evaluate the ISMS on a regular basis to try to improve it.