Information Security Policy

January 2016
Japan Racing Association

The Japan Racing Association (the “JRA”, “we,” “us” or “our”) recognizes that the proper management of information is an important management issue. In order to maintain the trust we receive from society, including from our customers, we hereby declare this “Information Security Policy” as our policy for activities concerning information security and agree to comply with this “Information Security Policy”.

1. Establishment of Information Security Management System

This Information Security Policy applies to all information that the JRA retains in the course of our business. In order to protect and properly manage such information, we will organize an Information Security Committee, appoint a Chief Information Security Officer and thereby establish a system under which the information security measures can be promptly implemented.

2. Development of Internal Regulations

We will develop internal regulations concerning information security and keep our officers and employees informed of the express policies and rules for achieving the protection and proper management of information.

3. Development and Enhancement of Audit System

We will appoint an Information Security Audit Officer and conduct information security audits on a regular basis and as necessary in order to verify the compliance with and effective operation of the laws, regulations and rules concerning information security in the performance of our business.

4. Appropriate Information Security Measures

We will implement security measures from the perspective of achieving comprehensive security control measures, including organizational development, to prevent the occurrence of incidents such as unauthorized access to, or destruction, divulgence or falsification of information.

5. Improvement of Information Security Literacy

We aim to improve the information security literacy of all JRA officers and employees and continually provide them with education to implement the proper management of information retained by the JRA.

6. Strengthening of Control System for Contractors

When entrusting our business to any individual or entity, we will fully examine the eligibility of such individual or entity as a contractor and request them to maintain a security level at least equivalent to that of the JRA. In addition, we will conduct necessary and appropriate supervision to ensure that such contractors’ security level will be maintained.

7. Implementation of Continuous Improvement

We will continuously improve our information security management by evaluating and reviewing the activities set forth above on a regular basis.