Information Protection and Security

Information Protection System

Information Protection Policy

In preparation for going public in 2021, SK bioscience adopted and revised security-related policies. It also established an information security system with a dedicated division responsible for information protection and designated an individual in charge of information protection. In 2022, alongside obtaining ISO 27001 certification, the international standard for information protection, we adopted and revised six procedures and policies other than the Security Management Regulation. These facts were posted on the internal notice board and company regulation board for all employees to review. In 2023, we appointed individuals in charge of security for each department, who are tasked with disseminating security training and checkpoints within their respective departments, to manage information protection issues.

Information Protection Goals

SK bioscience effectively and reliably protects corporate assets by controlling information leakage routes through information protection and by specifying procedures and the roles and authorities of personnel in charge, to ensure necessary security measures are implemented. We conduct information protection activities that meet the requirements of international standards such as GMP, and strengthen our IT security control system and external data security by reflecting the ISO 27001 standard, which is the information protection and privacy management system. In 2022, we obtained ISO 27001 certification and identified risk factors in the field of information security, leading us to purchase cyber package insurance/reinsurance. Through these efforts, we are committed to enhancing our security capabilities at a global level and earning the trust of our global partners by obtaining international standard certifications.

Information Protection Division

The SK bioscience information protection division’s tasks are managed and supervised by C-level executives. The tasks are divided into three detailed areas: technical security, privacy, and physical security. Each area is led by a manager, and in the case of physical security, we have allocated a manager at the HQ and Andong L HOUSE respectively. Going forward, we plan to hire personnel with expertise in information protection and achieve a level of management that corresponds to international standards.

Organizational Structure of the Information Security Division
Organization chart of the dedicated information protection division; please see below for details.

Prevention of and Response to Cybersecurity Incidents

Simulation Training

To prevent and respond to cybersecurity incidents, SK bioscience conducts regular inspections of major systems and strengthens the security review process upon the introduction of new solutions. In addition, we conduct simulated phishing exercises every half year to diagnose vulnerabilities and establish safe business systems through continuous management. At each simulation training, we send a total of two warning emails to employees who had their computers infected with malware and carry out PC scans and checks. We also conduct DDoS simulation training in the second half of each year to check the detection and blocking abilities of our security systems and the availability of security equipment by conducting three simulated attacks consisting of prevalent and new attack types.

DDoS Simulation Training Procedure
DDoS simulation training procedure; please see below for details.

Information Security Culture

Information Security Activities and Training

SK bioscience’s company-wide IT system is kept safe from internal and external threats such as information leakage through remote control services provided by a professional security company. We designate ‘Company Security Day’ to conduct self-inspections on daily life security, document security status, and work equipment at least once a year. We also try to create an information protection culture by sharing monthly malicious/phishing mail trends and new security threat cases via the company notice board. Furthermore, we conduct regular privacy and security training for our employees, including new hires and employees of our business partners, to strengthen security awareness and raise awareness of information leaks. The training program is updated annually to deliver customized privacy and information security training.

Information Security Training
  • Personal Information Training

    Personal data protection compliance, minimum personal data processing, ensuring information owner’s right to choose, etc.

  • Information Security Training

    Trends and cases, SKBS information security status and processes, etc.

  • Development Security Training

    Web secure coding, component security, information leakage prevention, etc.