Goto main

Social

Information Security

Information Security Management Policy and System

Information Security Policy and Certification

SK Gas has established and operates an information security management system to prevent the leakage of corporate information or personal data. We have a response process in place for suspected information breaches.

Policy
  1. 1Implementation and Inspection of Information Security Management System: SK Gas operates an information security management system and conducts regular inspections using internal and external experts to continuously improve information security operations.
  2. 2Establishment and Revision of Information Security Regulations and Guidelines: We regularly monitor changes in relevant processes and regulations to update our rules and guidelines.
Certification

In 2023, SK Gas obtained the Information Security Management System and ISMS-P (Personal information & Information Security Management System) certification for the SK LPG Membership. This certification process included inspections of the information security management system, analysis of information services and personal data handling, vulnerability diagnosis, and the establishment and implementation of action plans to verify security levels. We plan to maintain this certification through annual policy and status checks, risk assessments, and improvements.

Information Security Mangement Organization
Information Security and Personal Information Protection Departments

SK Gas has appointed a Chief Information Security Officer (CISO) who also serves as the Chief Privacy Officer (CPO), leading a collaborative information security team. The CISO, appointed under Article 45-3 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, operates a company-wide security management system and carries out activities related to information and personal data protection. To address common issues and tasks among organizations handling information security, we hold biannual working-level security meetings and convene the Information Security Committee, composed of senior security officials, at least once a year.

Information Security Organization Chart

See details below See details below
  • Information Security Committee

    • Information Security Committee Chair and Members
  • Working Group

    Information Security/Personal Information Protection Managers
    Information Security Officer
    Personal Information Protection Officer
    Departmental Personal Information Protection Officers
    Departmental Personal Information Protection Representatives
    Physical Security Manager
    Physical Security Officer

Information Security Activities and Compliance

Information Security Activities and Goals
Simulated Training

SK Gas conducts annual simulated phishing email training to prevent damage from malicious/phishing emails and to raise security awareness among employees. This involves sending emails containing malicious codes/links to all employees to check their responses, such as whether they open the emails or report infections. We also conduct scenario-based mock hacking and system vulnerability assessments to prevent information breaches.

Partner and Consignee Inspections

To prevent data breaches through Partner and consignee, SK Gas regularly inspects their security status. We identify and improve deficiencies across five areas and 40 items related to unauthorized use, data destruction, and security measures. Additionally, we perform quarterly monitoring for signs of data leakage and continuously check for data breaches by former employees.

Information Security Master Plan and Implementation

SK Gas has established a mid- to long-term master plan and implementation strategies to systematically protect and manage customer information. We aim to maintain a stable information security management system.

(Unit: %)

2023-2026 Information Security Master Plan and Implementation
Category Measurement Method 2023 2024 Target 2025 Target 2026 Target
ISMS-P Certification Certification Maintenance Obtained Maintain Maintain Renew
Information Security Disclosure Implementation Rate 100 100 100 100
Management System Operation Execution Rate 100 100 100 100
Annual Plan Establishment/Execution Reported to Management (Once a Year)
Risk Identification and Improvement Actions Certification Maintenance
Information Security Training Completion Rate 100 100 100 100
Information Security Compliance

SK Gas has had one data breach incident in the past three years.

2020-2023 Information Security and Data Breach Incidents
Category Unit 2020 2021 2022 2023
Data Breaches Total Number of Data Breaches Cases 1* - -
Number of Customer Information Beaches Cases - - -
Fines for Data Breach-Related Violation KRW thousand - - -
  • *In September 2020, the personal information of one job applicant was leaked, resulting in a corrective order from the Personal Information Protection Commission in July 2023.