Information Security Policy
This basic policy shall apply to all personnel providing the services of the Company, directly or indirectly, such as directors, employees, temporary employees, and employees of subcontracted companies (hereinafter referred to as “all employees”) as well as those who have access to the information assets of the Company.
2. Information Assets
Information assets shall include all information and know-how, as well as information stored in hardware, software, networks, and recording media of information systems that are used to operate and manage the Company business appropriately.
3. Contents of Activity
- The Company will strictly enforce all security measures regarding the information assets of customers and will always strive, as a matter of top priority, to prevent the risks of loss, destruction, falsification, and leakage.
- While making the best use of information assets, the Company will implement the appropriate security measures for such assets according to the degree of importance.
- The Company will set up the Compliance Risk Management Committee inside the Company as an organization governing all matters regarding information security. The Company shall appoint a person with overall responsibility for information security management and field a responsible person to take, operate, and promote security measures for all information assets under a company-wide organization system.
- The Company shall continuously implement education and awareness of information security for all the employees and work to make sure all employees are informed about the information security policy. All employees who handle information assets shall observe the information security policy and fulfill obligation and responsibility stipulated therein.
- Considering the consistency with internal control in the technological advancement and changes in the business environment, the Company will continuously perform risk evaluation of information assets from many aspects and maintain and improve information security by reflecting it in the information security policy and other measures.
- The Company will implement periodic audits of the status of operations regarding information security in order to fully implement the appropriate corrective steps as necessary.
- The Company will observe the laws, regulations, and other norms related to information security.
Established on June 1, 2008