Part 1: Company-Wide Information Security Control Measures

1. Construction of Information Security Management Framework

We appoint a company-wide Information Security Officer to establish a collaborative framework with each division and create a management structure with clearly defined responsibilities and authorities.

2. Development of Internal Regulations

We develop company-wide common information security rules, regulations, and guidelines to ensure the appropriate management and operation of information assets.

3. Establishment and Operation of Audit Framework

We conduct regular internal audits and external audits as necessary to verify the effectiveness and compliance status of security measures within the company.

4. Implementation of Technical and Physical Countermeasures

We implement technical and physical countermeasures such as access management for information systems and physical environments, malware countermeasures, entry/exit controls and backups.

5. Education and Training

We provide information security education to all employees on an annual basis and offer initial training for new hires and transferred personnel.

6. Contractor Management

We require external contractors to implement information security management that is equivalent to our own, and we manage them regularly through contracts, assessment, and audits.

Part 2: ISMS Division Information Security Management Policy

1. Scope of application

Part 2 of the Policy applies to divisions, personnel, and associated information assets involved in “system operations,” as defined in the scope of ISMS application at SB Intuitions Corp.

2. Top Management Commitment

Within the scope of the ISMS, top management recognizes the importance of information security and provides active support through policy approval, resource provision, and involvement in continuous improvement.

3. Risk Management

For information assets within the scope of operations, risk assessments are conducted at least once a year. Control measures are established and implemented to keep risks at an acceptable level.

4. Compliance with Legal, Regulatory, and Stakeholder Requirements

We provide clarification on all applicable legal, regulatory, and contractual obligations, as well as requirements from customers and external stakeholders. We then implement measures to comply with these obligations and requirements.

5. Documentation and Review

This Policy and related ISMS documentation are managed in accordance with the Document Management Policy, and they are reviewed at least once a year or when significant changes occur.

6. Continuous Improvement of ISMS

The effectiveness of the ISMS is continuously assessed and improved through internal audits, corrective actions, and management reviews, and records of these actions are retained.

[Manager]
Information Security Officer
SB Intuitions Corp.
Name: Daiki Orihara

Established on July 1, 2023
Revised on November 1, 2025

Certification

SB Intuitions Corp. has obtained third-party certification for its Information Security Management System (ISMS) based on the international standard ISO/IEC 27001 and the domestic standard JIS Q 27001.

Certification Standard

JIS Q 27001:2023(ISO/IEC 27001:2022)

Certification registration number

ICMS-SR0719

Divisions

Business Strategy and Technology Development Division
Platform Department System Infrastructure Team
Platform Department Information System Team
Engineering Department

* Names of divisions are the names that were current at the time certification was obtained.

Scope of certification

Operation of commercial systems for generative AI services.
Information security management associated with the above.