close (e.g. book, eyes, meeting, etc.)

    CLOSE

    1. TOP
    2. Security Policy

    Security Policy

    SECURITY
    POLICY

    BREXA Group Information Security Policy

    The BREXA Group (the companies in which BREXA Holdings, Inc. (the "Company") directly or indirectly holds a majority of the issued and outstanding voting shares or interests (the "Group Companies"; the Company and the Group Companies collectively, the "BREXA Group") recognizes the importance of the appropriate operation and management of information in its business activities in light of the progress of the advanced information society. In light of the progress of the advanced information society, we recognize that the appropriate operation and management of information in our business activities is an important issue, and hereby declare the following information security policy (hereinafter referred to as the "Policy") based on the Purpose and the BREXA Group Code of Conduct, in order for you to do business with the BREXA Group with peace of mind. In order for you to deal with the BREXA Group with peace of mind, we hereby declare the Information Security Policy (hereinafter referred to as the "Policy") based on the Purpose and the BREXA Group Code of Conduct. The information assets covered by this Security Policy shall be all information obtained and acquired in the course of the BREXA Group's corporate activities, as well as all information held in the course of business.

    1. the basic principles and scope of this policy

    This policy is the basic principle of information security measures and shall be applied to all information assets used in the business activities of the BREXA Group and all employees and other related parties (hereinafter collectively referred to as "Employees, etc.") regardless of their titles, including representative directors, directors, auditors, executive officers, advisors, directors, employees, contract employees, part-time employees, etc. who use these assets. (hereinafter collectively referred to as "Employees, etc.") (hereinafter collectively referred to as "Employees, etc.").

    Information Security System

    The BREXA Group shall appoint a Chief Information Security Officer (CISO) and designate an Information Security Manager for each individual company of the BREXA Group to establish and operate a system to ensure the effectiveness of information security measures.

    3. maintenance and implementation of internal rules and regulations

    In order to protect and properly manage information assets, the BREXA Group shall establish information security regulations and other related rules, thoroughly inform employees, etc., and practice information security.

    Operation and management of information assets

    The BREXA Group implements appropriate and thorough information security measures to protect information assets. In addition, the BREXA Group will practice risk assessment of information assets and take appropriate preventive and countermeasures to reduce risks according to the results of risk assessment.

    Information security education

    The BREXA Group will continuously provide necessary information security education and training to its employees, including users and managers of information assets, in order to maintain and improve their awareness of information security measures and to put them into practice. We will ensure that everyone involved in the BREXA Group's information assets is information security literate in order to carry out their duties.

    6. Development and operation of audit system

    In order to ensure the effectiveness of information security, the BREXA Group shall conduct regular and as-needed audits to ensure compliance with and effective functioning of the Information Security Regulations and other related rules, relevant laws and regulations, as well as information security norms established and published by government agencies and industry organizations. If the audit results indicate that the company is not operating properly, the company will promptly make improvements or recommend rule revisions based on the audit results.

    Information security measures

    The BREXA Group shall implement information security measures in terms of organizational, physical, technical, and personnel safety control measures to prevent information asset leaks, tampering, damage, unauthorized access, and other accidents related to the operation and management of information assets. In the event of an accident, we will promptly implement corrective measures and measures to prevent recurrence.

    Strengthen management system for outsourcing

    When outsourcing operations to an external contractor, the BREXA Group shall thoroughly and rigorously examine the contractor's eligibility and require information security measures equivalent or superior to those of the BREXA Group, and shall conduct periodic audits of the contractor to ensure that information security measures are properly implemented. In addition, regular audits, etc., are conducted on the subcontractors to confirm that information security measures are properly implemented.

    9. compliance with laws, regulations, norms and business terms and conditions

    The BREXA Group shall comply with laws, national guidelines, and other norms related to information security, as well as contractual stipulations. In the event of any violation of laws and regulations, breach of contract, or accident related to information security, the BREXA Group shall take appropriate measures to prevent recurrence.

    10. ongoing efforts

    In order to further ensure the effectiveness of information security, the BREXA Group will continuously improve its information security measures through periodic monitoring and evaluation of the above efforts.

    Established July 1, 2025