Information Security

Acknowledging the increasing importance of IT service security and protection of personal information, we established our information protection technology and management framework based on the international information protection management system to ensure stringent information protection. We also operate a 24-hour security monitoring system against cyberattacks and provide mandatory security training to our employees on a regular basis to enhance security awareness.

Code of Information Protection

Our Code of Information Protection is established and implemented based on the global standard model. Each year we establish the code, or review it and apply a revision, in accordance with security-related legislation, the business environment, recent technology trends, and new incidents.

Code

Basic security principles that are required to be followed by the company and all employees to strengthen competitiveness

Implementation Procedure

Specific and technical implementation standards required for compliance with the code

Guide

Practical application methods and technical details for applying the implementation procedure at sites

Information Protection Governance Framework

We operate a designated organization for protection against various internal and external security risks. In 2022, we newly appointed the Chief Information Security Officer (CISO) to strengthen the competency of the information protection organization.

Chief Information Security Officer (CISO), Information Security Committee, Division Security Manager

Samsung Integrated Security Center - Establish Samsung Group’s security policy, Establish/distribute security missions throughout Group, Assess Samsung Security Index (SSI), Distribute information on new security vulnerabilities and provide guideline throughout Group, Analyze and respond to security incidents

Information Protection Center - Establish company security policy, Oversee response to security incidents, Provide employee security training, Inspect office security, Manage facility security, Monitor signs of security incident, Manage personal information

DT Operation Group - Operate IT security system, Review and implement new solutions, Respond to security incidents, Respond to security control events, Inspect company-wide IT security

Certificate

ISO/IEC 27001:2013 / LRQA

SAMSUNG E&A received the ISO/IEC 27001 certification, a standard for information security management systems, in order to establish and operate a strong information security technology and management system. ISO/IEC 27001 is a standard for information security management systems developed by the International Organization for Standardization (ISO). It defines the standards for organizations to develop and operate security environments that protect information from internal and external security risks and to continue improving their information security activities.