Information Security
Information Security Policy
Policy & Management System
SK Gas has established and operates an information security management system to prevent the leakage of corporate information or personal data. We have a response process in place for suspected information breaches.
Policy
- 1Implementation and Inspection of Information Security Management System: SK Gas operates an information security management system and conducts regular inspections using internal and external experts to continuously improve information security operations.
- 2Establishment and Revision of Information Security Regulations and Guidelines: We regularly monitor changes in relevant processes and regulations to update our rules and guidelines.
Management System
In 2023, SK Gas obtained the Information Security Management System and ISMS-P (Personal information & Information Security Management System) certification for the SK LPG Membership. This certification process included inspections of the information security management system, analysis of information services and personal data handling, vulnerability diagnosis, and the establishment and implementation of action plans to verify security levels. We plan to maintain this certification through annual policy and status checks, risk assessments, and improvements.
ISMS-P (Personal information & Information Security Management System)
Governance
SK Gas has appointed a Chief Information Security Officer (CISO) who also serves as the Chief Privacy Officer (CPO), leading a collaborative information security team. The CISO, appointed under Article 45-3 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, operates a company-wide security management system and carries out activities related to information and personal data protection. To address common issues and tasks among organizations handling information security, we hold biannual working-level security meetings and convene the Information Security Committee, composed of senior security officials, at least once a year.
Information Security Organization Chart
-
Information Security Committee
- Information Security Committee Chair and Members
-
Working Group
- Information Security/Personal Information Protection Managers
- Information Security Officer
- Personal Information Protection Officer
- Departmental Personal Information Protection Officers
- Departmental Personal Information Protection Representatives
- Physical Security Manager
- Physical Security Officer
Information Security Strategy
Roadmap
Simulated Training
SK Gas annually conducts simulated phishing email training across all members to prevent damage from malicious/phishing emails and enhance employee security awareness. This involves sending emails containing malicious codes/links to assess response behaviors, such as email opening and infection reporting. Furthermore, scenario-based mock hacking and company-wide system vulnerability assessments are performed to proactively prevent information breaches.
Partner and Consignee Inspections
To prevent personal data breaches through our Partners and consignees, SK Gas regularly inspects and improves their security posture. We conduct quarterly monitoring for unusual data outflow and consistently check for data breaches by former employees.
Information Security Campaigns and Training
To enhance employees' information security awareness, SK Gas conducts information security campaigns every quarter and provides annual information security training to all members.
Information Security Master Plan and Implementation
To systematically protect and manage customer information, SK Gas has established a mid-to-long-term master plan and implementation roadmap, and accordingly operates a robust information security management system. The progress and future goals of this master plan are disclosed in our ESG Data Hub.
Information Security Compliance
SK Gas is committed to lawfully processing and securely managing personal information in compliance with the Personal Information Protection Act and relevant laws to safeguard the freedoms and rights of data subjects. Our Personal Information Processing Policy is available on the company website, and any instances of personal data breaches are disclosed through our ESG Data Hub.