Information Security Management Framework
|Scope of Information||
Company's trade secret
Management information, technical information, intellectual property, etc.
Employees, customers, suppliers, and all relevant stakeholders
|Target Group||Employees, visitors, dayworkers, suppliers, and all personnel in contractual relations
with the company, pertaining to all global business sites
|Policy||Based on information security regulations, LG Energy Solution enacted enforcement rules that consist of the entities engaged in information security, such as employees, business partners, security organizations, and other related departments. Audits for Information Security Policy and System are conducted annually, in align with ISO certification surveillance and/or renewal.|
|Organization||In order to systematically carry out various information security management activities, LG Energy Solution has appointed the Chief Information Security Officer (CSO) and is operating an information security organization at the headquarters and each business site. In addition, through the information security meetings attended by the security personnel from all global business sites, we continuously share and discuss various security status and issues of each business site. We also hold information security committee meetings attended by the management and executive directors of relevant departments to ensure timely decision-making of the management.|
Privacy and Personal Data Protection
In terms of privacy protection, LG Energy Solution also conducts a security review in advance to check for any infringement of personal information and compliance issues. In addition, we appointed a privacy officer who is authorized to handle inquiries/complaints and relieve damages associated with privacy. We intend to further block all risk factors in a preemptive manner and bolster our security system to safeguard the personal information of employees, customers, business partners, and stakeholders.
Preventive and Responsive Activities to Information Security Incident
LG Energy Solution operates a security control system from the office area to process facility area, and continuously improves its security level and response capabilities by regularly inspecting and simulating security vulnerabilities and carrying out mock exercises in preparation of internal and external cyber-attacks. LG Energy Solution engages in various activities aimed at raising awareness of all the target groups on information security and preventing incidents.
In order to improve
- Conducting information security training and awareness raising activities
- Annual trainings for all employees (contract workers included)
- Customized trainings for respective target group such as new hires, prospective retirees, business partners, visitors, and national key technicians/personal information handlers
- Promoting information security accident cases to encourage employees to practice security awareness and partake in related activities