Information Security Policy
Information Security Policy
In providing services, the Company is committed to ensuring and improving the confidentiality, integrity, and availability of all information assets.
Additionally, we will implement and promote our information security practices by establishing our “Information Security Policy” (hereinafter referred to as “Policy”), so that all employees recognize the value and importance of information assets and can appropriately protect them from various threats surrounding them.
Definitions in Information Security
“Information security” refers to safeguarding information assets from threats and ensuring and maintaining the confidentiality, integrity, and availability of information.
Confidentiality: Ensuring that information is accessible to authorized personnel only
Integrity: Protecting the accuracy and integrity of information and its processing methods
Availability: Ensuring that authorized users can access information and related assets when needed
Scope
This Policy applies to the information assets across all business activities managed by the Company, including personal information of employees, officers, temporary staff, subcontractors, and other relevant parties.
Management Responsibility
The Company recognizes that ensuring information security is a critical management priority. Accordingly, management will take the lead in driving systematic and continuous improvements in information security.
Establishment of an Information Security Management System
The Company will establish an information security management system and appropriately manage its information assets. Additionally, we will develop and implement internal regulations in accordance with this Policy and establish a security incident response framework.
Legal and Contractual Compliance
The Company will comply with applicable laws, regulations, national guidelines, and other relevant norms related to information security, and it will faithfully fulfill its contractual obligations.
Education and Training in Information Security
The Company will ensure that all employees understand the importance of information security and provide them with the necessary education and training for the proper use and management of information assets.
Response to Incidents and Legal or Contractual Breaches
In the event of a violation of laws, regulations, contracts, or incidents related to information security, the Company will respond promptly and appropriately and strive to prevent recurrence.
Regular Evaluation and Continuous Improvements
In addition to maintaining information security initiatives, the Company will reflect changes in the business environment and social conditions through regular evaluations of the implementation status of management systems and initiatives, thereby ensuring continuous improvements to such systems and initiatives.