SK D&D complies with personal data processing guidelines and information security regulations to keep customer data and corporate information assets safe. The CISO (Chief Information Security Officer) is appointed under the direct leadership of the CEO for his/her expertise on information security-related laws and practices as well as information security to develop, implement and review work plans each year. In 2022, we are working to achieve the ISMS* certification to advance our information security and customer data protection system.
Information Security Implementation System
Information Security Training
We provide information security training to all our employees each year to improve their information security awareness and capabilities. All our employees sign the information security pledge to recognize the importance of information security and to internalize their sense of responsibility. We plan to conduct simulation exercises against phishing e-mails to strengthen our execution of information security.
Document Centralization and ITSM *
We are developing a document centralization system to prevent any breaches of our corporate data. This system ensures that documents are stored on the corporate central server, not on the personal computers of individual users to ensure that such documents are not disclosed externally, laying the basis for turning document resources into invaluable assets. To address the reduced speed of information processing as a result of improving information security, we introduced the ITSM service to support our employees to collect necessary improvements on the IT system and failure factors and to engage in continuous management and improvement.
IT Business Continuity
SK D&D has established a business continuity plan and response procedures to prevent and promptly address information security incidents, and regularly reviews such plans and procedures. In the event of a disaster or a failure of the computer network, an emergency management team is organized in accordance with our IT business continuity guidelines, network failures are analyzed for their impact on our operations to establish a hierarchy of priorities for recovery efforts, and managerial/technical measures are taken. To aid in individual and emotional preparedness for actual emergencies, we conduct simulation exercises and emergency response trainings for IT business continuity at least once a year.