Woongjin Sustainability

      Information Protection Principle and System

      Woongjin Coway is reinforcing its information protection system in view of the characteristics of a rental business, which collects the personal information of many customers. To this end, we operate a management system covering the overall lifecycle of information, from collection to disposal, and have established concrete information protection items across the managerial, technical and physical sectors. In addition, we have reorganized the information protection policy into principles and guidelines so that the policy can be applied realistically and easily to actual work.

      Information Protection Organization

      Woongjin Coway operates an information protection organization based on the Chief Privacy Officer (CPO) and the ICT Strategy Division, and has established an integrated management system in the information sector to enhance efficiency in information protection and management. In addition, we encourage all employees to participate in the information protection system more autonomously and proactively through a clear division of work within the organization. In particular, we operate the Information Protection Committee, which reviews and resolves important issues related to information protection.
      Business Case
      Certification of Information Protection
      With the aim of protecting customer information assets safely, Woongjin Coway has renewed the domestic certification system ISMS (Information Security Management System) and acquired ISO 27001, which is the international standard for information protection management systems.

      Domestic certification ISMS

      After the initial acquisition in 2014, a renewal review was conducted in 2017. Three years after the renewal, a follow-up review will be conducted in 2019.

      ISMS

      Global certification

      As three years have currently passed after the initial acquisition in 2017, a follow-up review will be carried out in 2019.

      ISO27001

      Major Activities for Information Protection


      Collection of customer information

      • Reinforcing the procedure of authentication in signing a contract
      • Selective agreement in collecting customer information for the purpose of marketing


      Storage and utilization of information

      • Storing encrypted personal information in DB
      • Storing encrypted important documents in employees’ PCs


      Disposal of customer information

      • Operating the document disposal process through an external specialized company
      • When information is provided to suppliers, collecting a confirmation statement of disposal once its purpose has been achieved

      Current Status of Information Protection Activities in 2018

      Category / Description / Major activities and performances in 2018

      Operation of information protection management system
      • Operating information protection management system
      • Reinforced information protection system
      • Maintained the certificate of ISMS and ISO27001 to deal with government regulations and reinforced management
      • Simplified information protection regulations for easy application to actual work

      IDC¹
      • Mock hacking (twice a year), diagnosis of vulnerabilities (once a year)
      • Training for infringement incident response (once a year)
      • Diagnosed vulnerabilities in the total system and took measures
      • Implemented mock training for infringement incidents and disaster recovery

      Personal information and DB
      • Encryption of personal information
      • Controlling and managing DB data
      • Operated the system to monitor abnormal symptoms in personal information
      • Produced and distributed a personal information guide
      • Improved the process to collect personal information and agreement

      PC and document security
      • Operating PC security system
      • Operated Advanced Persistent Threat (APT) prevention system
      • Established the basis for PC central management system

      Employee
      • Receiving information protection education and training
      • Provided employees with online education
      • Offered offline education for executives, new employees and production workers

      ¹ IDC (Internet Data Center): Woongjin Coway establishes the integrated security control system to collect and manage total system logs, deals with dispersed customer personal information more safely and monitors information more efficiently.

      Training for Disaster Recovery Response
      Woongjin Coway conducts disaster recovery training to verify the accuracy of the disaster recovery system and procedure under the assumption of a potential attack from outside. Through the training, we mandatorily carry out verification from judgment to completion of recovery based on the procedure, including checking the operation of damaged server, file system and integrity
      Training for Infringement Incident Response
      Woongjin Coway conducts infringement incident response training to verify its response procedure and capability under the assumption of an infringement incident on the web server. We carry out the training based on the procedure from recognition through response and recovery, check vulnerabilities in the system and establish preventive measures.

      Headquarters : 100-759, 17F, JoongAng Ilbo Bldg., 88, Seosomun-ro, Jung-gu, Seoul
      Business Site : 136-23, Yugumagoksa-ro, Yugu-eup, Gongju-si, Chungcheongnam-do