SECURITY

The intent

“Virtus Payment Inc.” (hereinafter referred to as “the Company”) recognizes that it is a social responsibility to ensure and improve security of information based on the business characteristics of handling various information such as credit card information, which is extremely sensitive and important. To this end, management of the Company has established the following “security policy” (hereinafter referred to as “this policy”) and implemented strict information security measures.

1. Purpose of information security

The Company shall appropriately protect information assets and manage information securely to prevent information leakage, falsification, and identification theft to establish a relationship of trust with customers, business partners and society./p>

2. Scope of application

The Company applies this policy to all employees, including officers and all information assets held by the Company.

3. Implementation objectives

  • •The Company will ensure and maintain “confidentiality”, “integrity” and “availability” which are basis of information security.
  • •We will comply with legal or regulatory requirements for information security.
  • • We will comply with the security requirements in the contract.
  • •The Company will protect and regularly update information assets centered on customer information so that business activities can be resumed promptly from a serious failure or disaster.
  • •The Company regularly conducts information security education and training for all employees, including officers.
  • •The Company shall establish and maintain an information security management system by establishing standards for evaluating information security risks and implementing appropriate risk management.

4. Administrative structure

The Company shall establish a risk management office within the Company, a team that is dedicated for information security, so the Company can accurately monitor the status of information security at an organizational level so that necessary measures and activities can be implemented quickly.

5. Continuous improvement

In response to changes that affect the risk of information assets handled by the Company, the Company will continually review the policy regarding information security management system and strive to Continuously improve it.