Information security violations such as cyberattacks and hacking are increasing as digital transformation takes place.
Accordingly, GS Energy recognizes the need to strengthen the information protection management system and proactively establishes the information protection system.
We operate an information protection management system in accordance with the stipulated information protection regulations, and we review the status of information protection once a year to reflect the improvements.
- Chief Information Protection Officer
- Information Protection Officer
· Compliance with legal requirements such as the Personal Information Protection Act
· Review and keep evidence of the use and destruction of personal information by team security officers and security personnel
- 01
- We will keep and manage the company's business information, technical information, business information, business secrets, and other information of economic value as confidential and will not be used for any purpose other than the company's business.
- 02
- To protect confidential information, we will not bring unauthorized equipment or software without the approval of the company.
- 03
- To protect confidential information, we agree to collect information and search for contents conducted by the company's information security department.
- 04
- Upon retirement, I will return the original, copy, and pass of all confidential information I manage to the company.
- 05
- We will not illegally bring information managed by third parties into the company, and we will not leak third-party confidential information that the company is obligated to maintain confidentiality to the outside world or use it for purposes other than work.
- 06
- We will comply with all business regulations and job instructions, including the company's information security regulations.
Information protection education including personal information protection is provided once a year to employees of employees and business partners.
| Category | 2020 | 2021 | 2022 |
|---|---|---|---|
| Training time | 155 | 169 | 200 |
| Personnel | 155 | 169 | 200 |
Unit : hours, people
GS Energy strictly manages information protection by blocking all infiltration paths other than the DMZ section* through a firewall. The DMZ section uses the control services of companies specializing in information protection and monitors the export of in-house information.
In addition, we operate a backup system and conduct disaster recovery simulation training to prepare for infringement incidents such as ransomware, and conduct mock hacking to confirm the robustness of the system when building a new external system.
* DMZ (Demilitarized Zone) : Areas that perform access restrictions between internal and external network segments to protect internal resources when providing services to the outside world
| Category | 2020 | 2021 | 2022 |
|---|---|---|---|
| Privacy | 0 | 0 | 0 |
| Corporate data | 0 | 0 | 0 |