Basic Policy
In order to protect information assets, the Company establishes an Information Security Policy and conducts its business activities in accordance with this policy. The Company also complies with all applicable laws, regulations, other relevant standards, and contractual obligations with customers related to information security.
The Company clearly defines standards for analyzing and evaluating risks such as leakage, damage, or loss of information assets, establishes a systematic risk assessment methodology, and conducts regular risk assessments. Based on the results, the Company implements necessary and appropriate security measures.
The Company establishes an information security management structure led by responsible executives and clearly defines the authority and responsibilities related to information security. In addition, the Company regularly provides education, training, and awareness programs to ensure that all employees understand the importance of information security and appropriately handle information assets.
The Company regularly conducts inspections and audits regarding compliance with the Information Security Policy and the handling of information assets. Any identified deficiencies or areas requiring improvement are promptly addressed through corrective actions.
The Company takes appropriate preventive measures against information security events and incidents. In the event that such incidents occur, the Company has established response procedures in advance to minimize damage, enabling prompt response and appropriate corrective actions.
In particular, regarding incidents that may interrupt business operations, the Company establishes a management framework to ensure business continuity through regular response exercises, recovery testing, and continuous review and improvement.
