Social
Information
Security


Information Security
Due to the changes in business and information technology, information security issues are constantly evolving. In order to effectively respond to the evolving information security issues, organizations need to proactively strengthen their information security systems. Especially given that information is an intangible asset with inherent value and that organizations create business by sharing information internally and externally, it is important to understand the flow of information in the process of operations and accurately identify points where information security risks may occur.
Hyosung TNC has established information security regulations and operational standards to prepare for information security risks arising from external cyber threats or internal data leaks. They have also established an organizational structure for monitoring and enforcing these regulations. Additionally, we engage in various activities such as security log reviews and the implementation of multifunction devices with security solutions to prevent the leakage of critical internal information.
-
Information Security Management System
-
Information Security Policy
Hyosung TNC has established and officially implemented a company-wide Information Security Policy, approved by top management, to minimize information security risks by defining clear roles and responsibilities. This policy is mandatory for all internal and external stakeholders, including employees, partner companies, on-site visitors, trainees, new hires, and contracted personnel. Furthermore, we continuously monitor changes in domestic and international information security laws and requirements to ensure our policy is regularly updated and remains compliant.
-
Our Commitment to Information Security
Hyosung TNC declares its commitment to information security as follows:
① We will strictly adhere to all information security rules and related regulations.
② We recognize the critical importance of information security and are fully committed to our responsibilities.
③ We will protect key information assets from illegal disclosure and unauthorized access.
④ We will enhance security awareness through ongoing information protection activities.
⑤ We will comply with all legal requirements concerning information security and uphold our responsibilities.
⑥ We will collect personal information lawfully and use it securely, strictly for its intended purposes.
-
Information Security Governance
Hyosung TNC has established and officially implemented a company-wide Information Security Policy, approved by top management, to minimize information security risks by defining clear roles and responsibilities. This policy is mandatory for all internal and external stakeholders, including employees, partner companies, on-site visitors, trainees, new hires, and contracted personnel. Furthermore, we continuously monitor changes in domestic and international information security laws and requirements to ensure our policy is regularly updated and remains compliant.
Role Roles and Responsibilities Chief Information Security Officer (CISO) · Oversees and directs all information security operations.
· Supports legally mandated security activities.Chief Privacy Officer (CPO) · Manages all personal information protection operations.
· Supervises compliance with privacy-related laws and regulations.Site Security Manager · Conducts information security tasks at the business site, including security inspections. Team Security Manager · Manages and supervises the team's adherence to information security policies. Team Security Representative · Disseminates security training and news, and shares security-related issues.
-
Information Security Incident Response
Hyosung TNC operates a comprehensive information security incident response system to ensure a swift reaction and minimize damage in the event of a security breach, such as a personal information leak. During routine business operations, we actively receive reports regarding any signs of security incidents. Any unauthorized access discovered through our system and network monitoring is immediately reported to the designated information security manager. In the case of a personal data breach, we adhere to all relevant laws, reporting the incident to the appropriate authorities within 72 hours. We also provide detailed notifications to the affected data subjects, outlining the specifics of the breach, including the items leaked, the timing, and the circumstances. Access to the compromised information—including viewing, correcting, or deleting it—is strictly controlled. Our dedicated information security department conducts a thorough analysis of the incident to identify the root cause and establish a detailed response plan. Following the initial response, a full report covering the cause, actions taken, and future preventative measures is prepared and submitted to the Chief Information Security Officer (CISO) to prevent any recurrence.
-
Information Security Activities
-
Hi-Cloud (Centralized Internal Document Management System)
To enhance information security and improve operational efficiency, Hyosung TNC utilizes Hi-Cloud, our centralized internal document management system. The Hi-Cloud system enables the systematic management of all internal documents, facilitating seamless collaboration and information sharing to increase productivity. By centralizing the management of both individual and team documents, the system prevents data leakage through proactive controls over the storage and transfer of sensitive documents and by monitoring the entire document distribution process.
-
Phishing and Cyber Attack Simulations
To proactively prevent cybersecurity incidents, Hyosung TNC conducts mock response drills for malicious emails and cyber attacks every quarter. Based on the results of these simulations, we provide tailored security training to our employees. This approach helps prevent security incidents and strengthens our workforce's overall incident response capabilities.
-
Integrated Log Management System
Hyosung TNC centrally manages and securely stores all logs generated from servers, network equipment, firewalls, and other security solutions to prevent their loss or alteration. We are continuously investing in enhancing our log storage and processing capabilities to maintain a stable prevention framework. By utilizing a SIEM (Security Information & Event Management) solution, we consolidate all logs, enabling our security team to take immediate action upon detecting any incident. This system undergoes regular audits to ensure its integrity and effectiveness.
-
Privacy Policy
To minimize security incidents such as personal data breaches, Hyosung TNC obtains consent from all external stakeholders before processing their personal information and transparently informs them of its use and handling. Internally, our personal information processing systems are inspected at least annually, including a review of primary data records. Furthermore, we provide our privacy policy in a visualized, infographic format. This approach helps customers and other external parties intuitively understand their data protection rights and the entire process, from the purpose of collection to the usage and eventual disposal of their personal information.
-
24/7 Security Monitoring System
To defend against hacking and other cyber threats, Hyosung TNC operates a 24/7 security monitoring system. This system is managed by a team of dispatched experts from a specialized security firm. To prevent intrusion, data from our domestic operations is primarily stored on Hyosung TNC’s own secure equipment. The system includes real-time monitoring to promptly detect and respond to any signs of anomalous activity.
-
Partner Information Security
To strengthen our partner security management system, starting in 2025, Hyosung TNC will require all partners visiting our business sites to sign an Information Security Agreement. This measure is designed to prevent the leakage of our key information assets, such as core technologies and design plans, through our supply chain. We will also provide mandatory video training on information security for our partners' employees. Furthermore, new suppliers and external contractors will be required to sign our Partner Information Security Agreement.
-
Information Security Training
Hyosung TNC conducts mandatory annual Information Security and Privacy Training for all employees to enhance security awareness and share the latest security intelligence. The curriculum covers essential topics such as company security policies, email security, and proper PC management. Our Privacy Protection Manager establishes the annual training plan, reviewing its effectiveness and identifying areas for improvement to incorporate into the following year's curriculum. Training is delivered through various methods, including in-person classes, online courses, and our groupware platform, to maximize accessibility. In the event of a significant privacy-related incident or regulatory change, we conduct special ad-hoc training for all employees who handle personal information. When necessary, we invite experts from external professional organizations to lead these sessions.