Organization Dedicated to Information Security
To minimize information security risks and proactively respond to incidents, LX MMA has appointed security officers to performs security activities such as establishing information security plans, monitoring the relevant regulations and conducting security inspections. We appoint one security manager (team leader) and one security officer for each team in the company, who convene once a year for an Information Security Committee meeting to share their security activities conducted that year. In addition, we consistently collect and share each team’s information security-related demands and requests at this committee meeting, which helps us maintain an effective security management system. LX MMA is planning to gradually reinforce the company’s information security management system through measures that include regularly inspecting our information security management level with the aid of our information security personnel, and carrying out in-house training and promotions to enhance our employees’ security competencies.
Information Security Activities
1. Establishment of an Information Security Policy
LX MMA strives to raise awareness of information security among its employees by establishing a systematic information security policy that includes Security Audit Guidelines, Information Security Rules, Operating Guidelines for Information Security Organization, Asset Management Guidelines, and Security Incident Response Guidelines. In addition, all employees are required to annually sign a Security Pledge and a Consent Form on the Use and Third-Party Disclosure of Personal Information.
2. Physical Security System in Business Sites
LX MMA’s Seoul Office permits access only to people who have been authorized in advance through the access control system. All people that exit the building are subject to a security search, to fully prevent any information leakages through laptops or data storage devices such as USB flash drives. Employees are required to install a Mobile Device Management (MDM) app – a mobile application that automatically activates the company’s security policy – on all their smart devices, in order for us to rigorously safeguard our data against leakages through any means including photographs. We also prevent any possibility of information leakages by installing security solutions, such as spam blockers and antivirus software, on our employees work PCs, encrypting electronic documents, and monitoring outgoing emails to enhance the security of the PCs in our work premises.
3. Performing Security Inspections
We conduct rigorous security inspections of our Seoul Office and Yeosu Plants through our security consulting provider. A data lifecycle analysis on personal information, inspections of weak points in our security infrastructure, and penetration tests are performed, through which we identify the company’s data security level and address problem areas. We also continuously monitor the security related to our business site access and the current status of our server rooms. These activities represent how diligently we are conducting policy, technology and administration-related protection measures relating to the company’s security environment.
