Information Security

Information Security Policy

Recognizing that the information assets handled during its business activities are a critical foundation of its management, the Company believes it has a social responsibility to protect such assets from risks such as leakage, damage, or loss and to manage them appropriately. To this end, the Company has established this Information Security Policy and will implement and maintain it.

1. The Company will comply with this Information Security Policy and with all applicable laws, regulations, and rules related to information security.
2. The Company will identify its information assets, including personal information and confidential information, and will implement appropriate measures to ensure their confidentiality, availability, and integrity.
3. The Company will establish an appropriate information security management framework and clearly define responsibilities and roles. The Company also will provide regular training to officers and employees to ensure awareness of the importance of information security.

Personal Information Management Framework

• All communications and data are encrypted.
• System and access logs are retained indefinitely.
• Access to personal information is limited to designated routes.
• System access is restricted to designated connection routes.

The Company uses cloud infrastructure that meets high security standards to protect customers’ important information and has established and strengthened a customer information management framework based on a defense-in-depth approach.

The Company enforces the principle of least privilege, encrypted communications, and the preservation of audit logs, and continuously improves day-to-day operations through ongoing system monitoring and internal audits.

Secure System Operations

Business systems are operated on cloud infrastructure designed with availability, scalability, and security in mind.

To reduce risk, network access is restricted to secure connection routes, and access to data is controlled through appropriate role-based permissions.

Data is encrypted both at rest and in transit, and encryption keys are managed appropriately.

Business Device Management

Company-issued smartphones and PCs are managed under an integrated endpoint management framework, with full-disk encryption, enhanced authentication, and remote protection measures in place. A secure working environment is maintained through the continuous application of the latest security patches and the proactive detection of suspicious activity.

Internal and External Communication

Business chat tools are used for day-to-day work communications to improve operational flexibility. When coordinating with external customers and partners, communication practices are designed to balance convenience with security.

Personal Data Protection

Certified under the PrivacyMark system, personal information is handled in accordance with applicable laws and internal rules, including limiting purposes of use, applying the principle of least privilege, and preserving audit trails.

The data protection framework is continuously improved through education, training, and internal audits.

In addition, procedures for detection, containment, and recovery have been established in preparation for potential incidents, and regular drills are conducted.