Security Basic Information Security Policy

Basic Information Security Policy

Last revised July 20, 2021

IMV Corporation (hereinafter referred to as “we”) believes that ensuring information security is one of the key issues in the proper and smooth conduct of our business activities. Accordingly, we have established “Information Security Basic Policy” as a guideline to protect our information assets. We will operate and promote this policy as follows.

1. Scope of Application

We shall apply this Basic Policy to all of our employees (officers, employees, temporary staff, etc.) who handle our information assets.We shall apply this Basic Policy to our outsourcees by concluding an angreement in accordance with this Basic Policy. Information assets refer to the following:- information handled by us in the course of its business activities- information systems, networks, devices, facilities, and storage media which store and process the above information

2. Establishment of Management Structure

We shall establish a management structure to maintain and manage information security and define roles and responsibilities.

3. Establishment of Internal Rules

We shall establish internal rules based on this Basic Policy, express clear policies on the handling of information assets, and make sure all of us knows about them.

4. Compliance with Regulations

All of our employees must comply with internal rules based on this Basic Policy, information security laws and other standards, and contractual security requirements.

5. Implementation of Information Security Measures

We shall implement necessary measures against risks such as destruction, leakage, falsification, loss and ruination of information to ensure the safety of information assets

6. Improvement of Information Security Literacy

We shall continuously and as needed conduct education/training for all employees to improve information security literacy and appropriately managing information assets related to business execution.

7. Continuous Improvement

We shall strive to continuously improve our information security measures by periodical evaluation and reviewing the above initiatives.