CROSS SYNC Inc. (hereinafter referred to as "the Company") operates with the vision of "ICU Anywhere," developing and providing AI-core technology solutions to promote the utilization of medical information in healthcare settings, enable information sharing independent of experience and specialized knowledge, and address social challenges such as healthcare worker reform due to the aging population and supply-demand imbalance. The Company protects information assets entrusted by clients from all threats and meets the trust of stakeholders, including clients. To achieve this, we have established this "Information Security Policy" and will implement safe and appropriate information security measures.

1. Information Security Objectives
   The Company establishes information security objectives and regularly evaluates their achievement.

2. Management of Information Assets
   The Company promotes the safe and proper management and operation of information assets by implementing appropriate organizational and technical measures, and takes thorough security measures to prevent information leakage, loss, unauthorized access, destruction, or alteration.

3. Compliance with Laws and Regulations
   The Company complies with laws, regulations, and contractual requirements related to business operations and information security.

4. Implementation of Education and Training
   The Company conducts necessary education and training for executives, employees, and other users of information assets to ensure they fully understand the Company's regulations and the importance of information assets, and strives to thoroughly disseminate this policy.

5. Management of Information Security Incidents (Accidents)
   The Company strives to prevent information security problems and responds promptly to any incidents that may occur.

6. Continuous Improvement
   The Company regularly reviews the operational status of information security and related regulations, and improves them as necessary.