Basic Policy on Information Security
With the conviction that the protection of information assets (hereinafter referred to as “information security”) is one of the key social responsibilities of the Company, the Company sets out the Basic Policy on Information Security with the aim of ensuring the maximum possible level of information security.
All directors, corporate officers, auditors, employees and other personnel authorized to handle the Company’s information assets shall understand the objectives hereof and shall respect and abide by this Basic Policy.
As used herein, “information assets” shall mean all information owned by the Company that is associated with the Company’s business as well as information systems for storing, controlling and distributing such information.
- 1. Organization and Structure
- An organization and structure essential to maintaining information security will be established to clarify the relevant responsibilities and authority.
- 2. Classification and Control of Information Assets
- Information assets owned by the Company will be classified according to the level of importance to ensure that they are under appropriate control.
- 3. Training and Knowledge Improvement
- Appropriate activities to improve training and knowledge will be offered to the authorized personnel to increase their awareness of the importance of information security.
- 4. Physical Protection
- The space and methods for storing information assets will be clarified to prevent unauthorized access, disturbance and damage to them.
- 5. Technological Protection
- For the purpose of properly protecting information assets from unauthorized access, appropriate measures will be introduced in terms of the methods for accessing information systems, restrictions on use, and network management.
- 6. Operation
- The status of compliance with this Basic Policy will be checked to ensure the effectiveness hereof. In addition, the methods of operation including the handling of violations of the Basic Policy and the procedures for responding to unauthorized access and other emergencies will be stipulated.
- 7. Assessment and Review
- The Basic Policy and the methods of operation hereof will be assessed and reviewed on a regular basis in light of changes in social circumstances and advances in technologies.
Established: April 2005
Revised: April 2011
- 1. Information Security Management Rules
- 2. Information Asset Control Rules
- 3. Rules for Use of Information Infrastructure