Information Security Policy

AMITA HOLDINGS CO., LTD. ("AMITA") adheres to the following Information Security Policy (this "Policy") to protect its information assets and maintain robust information security.

Implement a robust information security management system

AMITA has in place a robust information security management system and adheres to relevant information security laws and regulations to protect its information assets and retain the trust of the public.

Enforce internal rules on information security

AMITA has in place internal rules based on this Policy that define how to handle and manage its information assets. The rules are also intended to inform internal and external stakeholders of AMITA's determination to take disciplinary action against any unauthorized disclosure of information.

Operate a secure information system

AMITA has in place a secure information system that safeguards its information assets against unauthorized, whether intentional or accidental, access, leakage, tampering, loss, destruction, or obstruction.

Provide information security training

AMITA trains all its officers and employees in information security on a regular basis to help them acquire and exercise information security literacy at work.

Require subcontractors to meet stringent information security requirements

Before signing agreements with subcontractors, AMITA assesses their qualification thoroughly. AMITA includes in agreements with subcontractors a clause demanding that they meet information security requirements equally or more stringent than those met by AMITA.

Conduct information security audits

AMITA conducts regular internal audits to ascertain whether its officers and employees adhere to this Policy and other information security regulations and rules. AMITA uses audit findings to identify and address issues with its information security management practices.

Scope of this Policy

The information assets governed by this Policy refer to information that AMITA acquires or comes to learn in business, as well as all business information in its possession. All AMITA officers and employees must adhere to this Policy when handling and managing these information assets.

[Supplementary provision]

This Policy is to take effect on January 4, 2010.

President and Chief Integrated Operations Officer