HYOSUNG TNC

Hyosung TNC has established and officially implemented a company-wide Information Security Policy, approved by top management, to minimize information security risks by defining clear roles and responsibilities. This policy is mandatory for all internal and external stakeholders, including employees, partner companies, on-site visitors, trainees, new hires, and contracted personnel. Furthermore, we continuously monitor changes in domestic and international information security laws and requirements to ensure our policy is regularly updated and remains compliant.

Hyosung TNC declares its commitment to information security as follows:
① We will strictly adhere to all information security rules and related regulations.
② We recognize the critical importance of information security and are fully committed to our responsibilities.
③ We will protect key information assets from illegal disclosure and unauthorized access.
④ We will enhance security awareness through ongoing information protection activities.
⑤ We will comply with all legal requirements concerning information security and uphold our responsibilities.
⑥ We will collect personal information lawfully and use it securely, strictly for its intended purposes.

Hyosung TNC has established and officially implemented a company-wide Information Security Policy, approved by top management, to minimize information security risks by defining clear roles and responsibilities. This policy is mandatory for all internal and external stakeholders, including employees, partner companies, on-site visitors, trainees, new hires, and contracted personnel. Furthermore, we continuously monitor changes in domestic and international information security laws and requirements to ensure our policy is regularly updated and remains compliant.

Hyosung TNC operates a comprehensive information security incident response system to ensure a swift reaction and minimize damage in the event of a security breach, such as a personal information leak. During routine business operations, we actively receive reports regarding any signs of security incidents. Any unauthorized access discovered through our system and network monitoring is immediately reported to the designated information security manager. In the case of a personal data breach, we adhere to all relevant laws, reporting the incident to the appropriate authorities within 72 hours. We also provide detailed notifications to the affected data subjects, outlining the specifics of the breach, including the items leaked, the timing, and the circumstances. Access to the compromised information—including viewing, correcting, or deleting it—is strictly controlled. Our dedicated information security department conducts a thorough analysis of the incident to identify the root cause and establish a detailed response plan. Following the initial response, a full report covering the cause, actions taken, and future preventative measures is prepared and submitted to the Chief Information Security Officer (CISO) to prevent any recurrence.

To enhance information security and improve operational efficiency, Hyosung TNC utilizes Hi-Cloud, our centralized internal document management system. The Hi-Cloud system enables the systematic management of all internal documents, facilitating seamless collaboration and information sharing to increase productivity. By centralizing the management of both individual and team documents, the system prevents data leakage through proactive controls over the storage and transfer of sensitive documents and by monitoring the entire document distribution process.

To proactively prevent cybersecurity incidents, Hyosung TNC conducts mock response drills for malicious emails and cyber attacks every quarter. Based on the results of these simulations, we provide tailored security training to our employees. This approach helps prevent security incidents and strengthens our workforce's overall incident response capabilities.

Hyosung TNC centrally manages and securely stores all logs generated from servers, network equipment, firewalls, and other security solutions to prevent their loss or alteration. We are continuously investing in enhancing our log storage and processing capabilities to maintain a stable prevention framework. By utilizing a SIEM (Security Information & Event Management) solution, we consolidate all logs, enabling our security team to take immediate action upon detecting any incident. This system undergoes regular audits to ensure its integrity and effectiveness.

To minimize security incidents such as personal data breaches, Hyosung TNC obtains consent from all external stakeholders before processing their personal information and transparently informs them of its use and handling. Internally, our personal information processing systems are inspected at least annually, including a review of primary data records. Furthermore, we provide our privacy policy in a visualized, infographic format. This approach helps customers and other external parties intuitively understand their data protection rights and the entire process, from the purpose of collection to the usage and eventual disposal of their personal information.

To defend against hacking and other cyber threats, Hyosung TNC operates a 24/7 security monitoring system. This system is managed by a team of dispatched experts from a specialized security firm. To prevent intrusion, data from our domestic operations is primarily stored on Hyosung TNC’s own secure equipment. The system includes real-time monitoring to promptly detect and respond to any signs of anomalous activity.

To strengthen our partner security management system, starting in 2025, Hyosung TNC will require all partners visiting our business sites to sign an Information Security Agreement. This measure is designed to prevent the leakage of our key information assets, such as core technologies and design plans, through our supply chain. We will also provide mandatory video training on information security for our partners' employees. Furthermore, new suppliers and external contractors will be required to sign our Partner Information Security Agreement.