Information Security
Information Security Management Policy and System
Information Security Policy and Certification
SK Gas has established and operates an information security management system to prevent the leakage of corporate information or personal data. We have a response process in place for suspected information breaches.
Policy
- 1Implementation and Inspection of Information Security Management System: SK Gas operates an information security management system and conducts regular inspections using internal and external experts to continuously improve information security operations.
- 2Establishment and Revision of Information Security Regulations and Guidelines: We regularly monitor changes in relevant processes and regulations to update our rules and guidelines.
Certification
In 2023, SK Gas obtained the Information Security Management System and ISMS-P (Personal information & Information Security Management System) certification for the SK LPG Membership. This certification process included inspections of the information security management system, analysis of information services and personal data handling, vulnerability diagnosis, and the establishment and implementation of action plans to verify security levels. We plan to maintain this certification through annual policy and status checks, risk assessments, and improvements.
ISMS-P (Personal information & Information Security Management System)
Information Security Mangement Organization
Information Security and Personal Information Protection Departments
SK Gas has appointed a Chief Information Security Officer (CISO) who also serves as the Chief Privacy Officer (CPO), leading a collaborative information security team. The CISO, appointed under Article 45-3 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, operates a company-wide security management system and carries out activities related to information and personal data protection. To address common issues and tasks among organizations handling information security, we hold biannual working-level security meetings and convene the Information Security Committee, composed of senior security officials, at least once a year.
Information Security Organization Chart
-
Information Security Committee
- Information Security Committee Chair and Members
-
Working Group
- Information Security/Personal Information Protection Managers
- Information Security Officer
- Personal Information Protection Officer
- Departmental Personal Information Protection Officers
- Departmental Personal Information Protection Representatives
- Physical Security Manager
- Physical Security Officer
Information Security Activities and Compliance
Information Security Activities and Goals
Simulated Training
SK Gas conducts annual simulated phishing email training to prevent damage from malicious/phishing emails and to raise security awareness among employees. This involves sending emails containing malicious codes/links to all employees to check their responses, such as whether they open the emails or report infections. We also conduct scenario-based mock hacking and system vulnerability assessments to prevent information breaches.
Partner and Consignee Inspections
To prevent data breaches through Partner and consignee, SK Gas regularly inspects their security status. We identify and improve deficiencies across five areas and 40 items related to unauthorized use, data destruction, and security measures. Additionally, we perform quarterly monitoring for signs of data leakage and continuously check for data breaches by former employees.
Employee Information Security Training
SK Gas provides annual information security training for all employees. In 2023, all employees completed online training on personal data protection, industrial security, and information security.
Information Security Master Plan and Implementation
SK Gas has established a mid- to long-term master plan and implementation strategies to systematically protect and manage customer information. We aim to maintain a stable information security management system.
(Unit: %)
| Category | Measurement Method | 2023 | 2024 Target | 2025 Target | 2026 Target |
|---|---|---|---|---|---|
| ISMS-P Certification | Certification Maintenance | Obtained | Maintain | Maintain | Renew |
| Information Security Disclosure | Implementation Rate | 100 | 100 | 100 | 100 |
| Management System Operation | Execution Rate | 100 | 100 | 100 | 100 |
| Annual Plan Establishment/Execution | Reported to Management (Once a Year) | ||||
| Risk Identification and Improvement Actions | Certification Maintenance | ||||
| Information Security Training | Completion Rate | 100 | 100 | 100 | 100 |
Information Security Compliance
SK Gas has had one data breach incident in the past three years.
| Category | Unit | 2020 | 2021 | 2022 | 2023 | |
|---|---|---|---|---|---|---|
| Data Breaches | Total Number of Data Breaches | Cases | 1* | - | - | |
| Number of Customer Information Beaches | Cases | - | - | - | ||
| Fines for Data Breach-Related Violation | KRW thousand | - | - | - | ||
- *In September 2020, the personal information of one job applicant was leaked, resulting in a corrective order from the Personal Information Protection Commission in July 2023.