Tohoku Electric Power Group Information Security Policy

April, 2007

Tohoku Electric Power Group promotes the following matters to ensure information security.

1. Compliance with Laws and Regulations

We comply with laws and regulations related to information security, as well as this policy and the standards established by each company within the Group.

2. Information Management

We establish a management system for information security with executive management as responsible parties, and appropriately manage all information handled in business operations according to its importance and associated risks.

3. Technical Measures

To prevent unauthorized access to information, loss, falsification, leakage, and disappearance of information, we implement technical and environmental measures and strive to protect information.

4. Education and Awareness

We provide education and training on information security to employees, ensure thorough compliance with laws, this policy, and standards, and take strict action against violators.

5. Outsourcing Management

When outsourcing operations, we inform contractors of this policy and ensure thorough information management by concluding contracts that include confidentiality clauses.

6. Incident Response

We establish a system to respond to information security incidents and accidents, minimize damage, and work to prevent recurrence.

7. Maintenance and Improvement

We respond appropriately to legal revisions and changes in social conditions, and strive for the continuous maintenance and improvement of information security.