Information Security

As technology continues to advance, a growing variety of cybersecurity incidents have emerged, such as customer personal data breaches, ransomware attacks, and malware threats. Information security and the protection of customer privacy have become critical objectives of corporate cybersecurity management. Our Company places great importance on information security and customer privacy protection, and has established an Information Security Management Center to strengthen overall cybersecurity defense and incident response capabilities, with the goal of providing customers with a secure and reliable digital environment.

In order to safeguard customer privacy and information security, the Company established an Information Security Management Center in 2023. The Chairman, representing the Board of Directors, oversees information security policies, while the Head of the Information Department has been appointed as the Chief Information Security Officer, responsible for supervising internal privacy protection matters.

The Information Security Management Center is primarily responsible for formulating and implementing information security policies, establishing data protection regulations, and managing information security incidents, in order to prevent and mitigate losses resulting from cybersecurity events.

Information security and personal data protection control procedures are included as annual audit items. The audit unit conducts at least one audit each year. In addition, the Company performs annual self-assessments in accordance with its internal control system, and submits a summary of the effectiveness of internal control implementation to the Board of Directors for review and confirmation.

The Company has implemented protective measures such as firewalls, antivirus systems, and regular data backups, and has adopted the 3-2-1 backup strategy to ensure data security. The 3-2-1 backup strategy refers to maintaining at least three copies of data, stored on two different types of storage media, with at least one copy stored off-site. These measures are designed to protect employee personal data, confidential company information, and customer data.

Furthermore, the Company conducts regular annual information security training programs, including information system disaster recovery drills, simulated hacker attack and defense exercises, and cybersecurity awareness initiatives. These efforts ensure that employees fully understand information security-related issues and collectively contribute to building a secure and trustworthy information operating environment.