Risk Management

Risk Management System

SK bioscience operates the Enterprise Risk Management (ERM) system to manage financial and non-financial risks that may arise from business activities in an integrated manner. The primary goal of the ERM is to minimize the likelihood of risks materializing and negatively impacting the business. To achieve this, risk factors related to our business are selected as priority management tasks and managed intensively. We prioritize a long-term perspective in ERM operations to effectively respond to risks that dynamically change based on the internal and external business environment.

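Establishing a process that runs from risk identification through measurement and management to evaluation

Building a systematic risk foundation through risk identification and measurement

  • Risk identification

    Definition of risk (OIEP)
    The probability of events occurring that have an impact on the achievement of the organization's objectives
    Distinction from events that have already occurred
    An event that has already occurred is not a risk
    An appropriate after-the-fact response is the best form of management
    Identifiability and measurability
    A risk can be managed only if it can be identified and measured
  • Risk measurement

    Risk measurement
    Based on likelihood and impact - Measure the risk level (High/Medium/Low) - Manage risks as priority management tasks, starting from High Risk

    Impact, priority management tasks, likelihood

  • Risk management activities and evaluation of management effectiveness

    Evaluation of the current risk level
    Evaluate the current risk level based on the risk management activities carried out for each task

    Impact, priority management tasks, likelihood, before/after management: evaluation and opinion for each component

  • Establishing future plans

    Designating the future management owner
    Considering each task's risk impact, likelihood, and current risk level, decide whether to - continue management at the company-wide level or - hand management over to the business department
    Continued management under ERM
    Management by the business department
    Establishing future plans
    The management owner of each task analyzes shortcomings against the existing plan and takes the lead in establishing and implementing a new plan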
Comprehensive Risk Management

At SK bioscience, the Audit Committee reviews and supervises financial, ethics, and compliance risks, and the ESG Committee reviews and supervises non-financial risks such as climate change and human rights. Major risks are reported to and approved by the Board of Directors to enhance the risk management system.

In the second half of 2024, we will appoint two Chief Risk Officers (CROs) to oversee financial and non-financial risk management respectively, to advance our comprehensive risk management capabilities across the entire Company. This will facilitate cross-functional collaboration on interrelated risks across the business and strengthen our ability to respond proactively. In addition, we will routinize risk-related reporting to the Board of Directors from 2025 to further strengthen the Board's oversight function.

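Executive in charge of information protection

  • Technical security
    Chief Information Security Officer (CISO)
    Information security manager
  • Personal information security
    Chief Privacy Officer (CPO)
    Privacy manager
  • Physical security
    Headquarters physical security officer
    Headquarters physical security manager
    Physical security
    L HOUSE physical security officer
    L HOUSE physical security manager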
Tax Risk Management

SK bioscience complies with domestic and international tax policies and regulations and faithfully fulfills its obligations to file tax returns and pay taxes. We do not transfer income to other countries to exploit differences in tax laws or loopholes in the international tax system. Moreover, we ensure that taxable income is allocated consistently with the value created in each country where we conduct business activities. To proactively manage tax risks, we seek advice on taxes from external tax experts. For major tax issues, we consult tax authorities in advance and carry out tax-related activities based on authoritative interpretations obtained during these consultations.

We evaluate and manage tax risks that may arise due to ongoing changes in tax policies, as well as those associated with our business activities, including new growth investments. Recognizing the complexity of tax laws and differences in interpretation, we understand that it is impossible to eliminate all tax risks entirely. Therefore, our focus lies in preemptive identification and management of uncertain tax issues. To proactively prevent such risks, we continuously monitor domestic and international tax laws, as well as tax trends in each country, and cooperate and communicate with tax experts.

When it comes to transactions between related parties, SK bioscience observes the arm’s length principle aligned with the OECD Transfer Pricing Guidelines and the laws of each country. For transfer pricing transactions with related parties abroad, we will prepare a Base Erosion and Profit Shifting (BEPS) report and a transfer pricing report with an external tax expert if necessary. We will also oversee the implementation of transparent tax strategies such as the prevention of tax evasion and income transfer. In addition, we will analyze in advance the calculation of effective tax rates by country and whether additional taxes will be incurred in connection with the implementation of the Global Minimum Tax, and manage appropriate response procedures if necessary.

Tax-related Decision-making System
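  1. CEO
    Receives reports from the Management Support Division on tax-related closing details, risks, and significant matters
    Gives final approval of decisions

    Report on tax-related closing details, risks, and significant matters requiring a CEO decision

  2. Management Support Division
    Reviews tax-related risks and significant matters reported by the Finance Office
    Integrates the Finance Office's tax strategy into the organization's overall objectives

    Report on tax-related closing risks and significant matters

  3. Finance Office
    Reviews tax-related risks and notable matters reported by the Accounting Team
    Checks whether taxes have been paid in accordance with the Company's tax policy

    Report on tax-related risks and notable matters

  4. Accounting Team
    As the working-level organization dedicated to management tax strategy, coordinates tax-related matters and manages risks
    Regularly attends briefings on revised tax law hosted by accounting firms to internalize tax management policies and principles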

Operation of Business Continuity Plan

SK bioscience has established an emergency response plan to minimize human, material, and environmental losses in the event of an unavoidable accident such as a natural disaster or catastrophe. In case of an accident, we implement a staged systematic response plan consisting of a series of actions that enable us to respond to crises quickly and systematically. These actions include reporting, organizing and convening an emergency response team, and disseminating information about the situation. In accordance with the internal emergency response management regulations, responsibilities, authorities, and response plans for each division are established. The decision to activate the emergency response committee is made based on the severity of the situation.

In addition, we have designed a Business Continuity Plan (BCP) to ensure business continuity in the event of an emergency. We operate situation-specific response scenarios for possible emergencies and respond according to unified instructions and reports to minimize the damage caused by disruption of business activities. We also maintain continuous communication with our stakeholders through both internal and external channels, ensuring that the impact on them is minimized. In 2024, we conducted a total of five emergency response drills, and in 2025 we will expand response drills to strengthen each organization's ability to respond at an early stage of an emergency.

Organizational Chart for Crisis/Emergency Response Committee
  1. Crisis Response Committee
  2. Secretary
    • L HOUSE Emergency Response Headquarters
    • Headquarters emergency response organization

SK bioscience strives to minimize damages by proactively managing all risk factors that arise in the business sites. Accordingly, we have established an emergency response system and emergency response procedures to promptly respond to emergencies in the workplace.

We have set up a disaster prevention system to monitor on-site emergencies 24 hours a day and prepared response scenarios by predicting emergencies in the SHE (Safety ∙ Health ∙ Environment) aspect. Emergencies and response levels are categorized based on the severity of damage and the possibility of further escalation. We have also defined the roles and responsibilities of divisions in charge of on-site response, support, and emergency contacts.

Meanwhile, under the leadership of the SHE Team, we conduct joint drills at least once every quarter to enhance our crisis response capabilities, and we also establish improvement plans for problems identified through the drills.

Emergency Response Policy: Operational Principles
  1. Protection of human life
  2. Protection of the environment
  3. Protection of the Company's assets and image
Types of Emergency
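  • Emergency

    • Personal injury accidents
    • Fire and explosion accidents
    • Oil spills: onshore/offshore
    • Leaks: toxic/flammable gas
  • Near-emergency

    • Natural disasters such as typhoons, heavy rain, earthquakes, and tsunamis
    • Cases where an accident in a neighboring area may spread to the business site
    • Power outages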
Supply Chain Diversification Strategy

SK bioscience has established and operated a supply chain diversification strategy to ensure stable production and seamless inventory management. By reducing dependence on a small number of suppliers and securing supply chain diversification, the Company ensures a stable and systematic supply chain capable of quickly and flexibly responding to global demand in the event of production disruptions or unforeseen supply interruptions. This strategy allows SK bioscience to maintain continuous and reliable product manufacturing and supply.

IDT Business Continuity Plan

IDT Biologika (hereinafter IDT) Business Continuity Management (BCM) ensures the continuity of operations by identifying potential risks, preparing for emergencies, and improving recovery times. It focuses on critical business processes and addresses the impact of risks, such as disruptions to these processes or the loss of essential resources.

The IDT BCM follows the ISO 22301 standard, which is based on the PDCA (Plan-Do-Check-Act) cycle. This cycle is divided into four phases: planning (Plan), implementation (Do), monitoring (Check), and corrective action (Act). In the event of an emergency, structured plans are developed, and employees are trained to handle possible situations. With this approach, IDT is equipped with both preventive and reactive measures to manage internal or external incidents effectively.

Information Security

Information Security Management System

Starting with the revision of security-related policies, SK bioscience has designated a Chief Information Security Officer (CISO) and established an information security management system centered on a dedicated information protection team.

The Company’s information protection-related policies and procedures are continuously updated in accordance with compliance regulations and changes in the internal work environment. In accordance with the Personal Information Protection Act and related enforcement regulations, we have established and operate an internal management plan that reflects the standards for measures to ensure the safety of personal information. In addition, we transparently disclose our privacy policy on our website.

In 2023, we appointed individuals in charge of security for each department who are tasked with disseminating regular security training and checkpoints within their respective departments, to manage information protection issues. In 2024, SK bioscience continues to pursue information security enhancement activities, including further strengthening security capabilities to respond to the changing IT/OT environment and perfecting asset protection systems in the cloud environment.

Information Protection Division

The SK bioscience information protection division’s tasks are managed and supervised by a C-level executive. The tasks are divided into three detailed areas which are technical security, privacy, and physical security. Each area is led by a manager, and in the case of physical security, we have allocated managers at the Headquarters and Andong L HOUSE respectively.

In addition, we have appointed a person with expertise in information protection as the Chief Information Security Officer (CISO), and we are working to strengthen our capabilities to achieve a level of information protection management that corresponds to international standards.

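Executive in charge of information protection

  • Technical security
    Chief Information Security Officer (CISO)
    Information security manager
  • Personal information security
    Chief Privacy Officer (CPO)
    Privacy manager
  • Physical security
    Headquarters physical security officer
    Headquarters physical security manager
    Physical security
    L HOUSE physical security officer
    L HOUSE physical security manager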
Information Protection Goals

SK bioscience effectively and reliably protects corporate assets by controlling information leakage routes through information protection and specifying procedures and the roles and authorities of personnel in charge to ensure necessary security measures are implemented.

We conduct information protection activities that meet the requirements of international standards such as GMP, and we strengthen our IT security control system and external data security by reflecting the ISO 27001 standard, which is the information protection and privacy management system standard. Since 2022, SK bioscience has maintained ISO 27001 certification, preemptively identifying risk factors in the field of information security. The Company adheres to the standards for publicly listed companies in Korea by transparently disclosing its security activities each year through information protection disclosures.

Through these efforts, we are committed to enhancing our security capabilities at a global level and earning the trust of our global partners.

Prevention of and Response to Cybersecurity Incidents

To prevent and respond to cybersecurity incidents, SK bioscience conducts regular inspections of major systems and strengthens the security review process when new solutions are introduced. In addition, we conduct simulated phishing exercises every half year to diagnose vulnerabilities and establish safe business systems through continuous management. At each simulation training, we send a total of two warning emails to employees who had their computers infected with malware and carry out PC scans and checks. We also conduct DDoS simulation training in the second half of each year to check the detection and blocking abilities of our security systems and the availability of security equipment by conducting three simulated attacks consisting of prevalent and new attack types.

DDoS Simulation Training Procedure
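  1. Set up the attack equipment and defense equipment
  2. Select the DDoS training targets
  3. Set the attack types
  4. Attempt the first, second, and third attacks
  5. Confirm the detection and blocking results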
Information Security Activities and Training

SK bioscience’s company-wide IT system is kept safe from internal and external threats such as information leakage through remote control services provided by a professional security company.

To raise security awareness among all employees and prevent internal information leaks, we designate an annual 'Company-wide Security Day' to conduct self-inspections on life security, document security, and work devices, and impose penalties on security violators to prevent recurrence. We also share malicious/phishing email trends and new security threat cases with employees every month via the Company notice board, and continue our efforts to establish a security culture.

In addition, we regularly provide privacy and information security training to our employees, new hires, and business partners, and our training programs are updated annually to reflect the latest security issues. This allows us to provide customized security training by role and continuously strengthen our employees' security capabilities.