Website Information Security Policy
Collection and Use of Personal Data
- According to regulations of Personal Information Protection Act and relevant acts, your personal information will be handled only for providing you the service in compliance with the specific purpose of data collection. The Website will not arbitrarily disclose your personal data to a third-party.
- During your utilization of this Website, below information will be collected automatically: date and time, your captured webpage, your URL, your browser category, actions that you have made to pages of this Website (ex. downloading) and if these actions are succeeded. Above mentioned information may be used to improve the performance f this Website.
- Actions that create significant loading to this Website will be monitored.
Liability of Information Responsibilities and Educational Trainings
- For personnel who handle sensitive and confidential data and who are authorized to manage the system due to job s needs, the Website will properly divide their works, decentralize their authority and responsibility, establish an assessment and evaluation system, and build personnel mutual-support system depending on the need.
- For resigned (absent or suspended) personnel, relevant procedures will be carried out in accordance with the standard resignation (absence or suspension) procedures and their authority of access the system resources will be immediately canceled.
- Depending on the actual needs, educational trainings and propagations for information security are carried out for personnel at different levels in accordance with their roles and functions. It helps employees to understand the importance of information security and possible security risks in order to enhance their awareness towards information security and to follow relevant regulations.
Information Security Works and Protections
- Operating procedures for handling information security incidents are established and necessary responsibilities are given to relevant personnel in order to quickly and effectively handle information security incidents.
- A management and reporting mechanism for changes of information facilities and systems is established to avoid possible ignorance in system security.
- Personal data are carefully handled and protected in accordance with regulations related to Personal Information Protection Act.
- The system back-up system is established to save and back-up necessary data and software periodically in order to quickly resume to normal operations when a disaster happens or when the storage multimedia becomes ineffective.
Web Security Management
- A firewall is established on the site that connects the external network to control the data transmission between the outside world and the internal network, to store and access relevant resources and to implement strict ID recognition work.
- Confidential and sensitive data and documents are not stored in the information system that is opened to the public. Confidential document shall not be transmitted by e-mails.
- Not only the internal network carries out regular examinations on information security facilities and anti-virus mechanisms, but also the virus code of the anti-virus system and all types of security measures are updated regularly.
System Access Control Management
- Password issuance and amendment procedures are stipulated and recorded based on the needs of the operation system and security management.
- According to their access authority required for implementing the mission, personnel at all levels shall log in the operating system with the authorized account number and password given by the management personnel and such data shall be updated regularly.