Personal Information Protection and Security

SK Speedmate deeply recognizes the importance of personal information and IT service security, and safely protects the information of the company, including customers.

The head of the AI/DT Innovation Group is designated as CISO (Chief Information Security Officer), a dedicated officer for information security, and CPO (Chief Privacy Officer), a dedicated officer for personal information protection, overseeing related tasks.

Accordingly, we operate the Information Security Committee and working-level council, and through information security-related activities such as information security education for members, we prevent data leakage or theft of corporate data and complaints related to information security in advance.

Information Security Committee /Security Working Council Organization Chart

Chief Information Security Officer (CISO)

Information Security Committee

Advisor Group

Security Working Council

Company-wide Information Security Organization

Business-specific Information Security Organization

Information Security Goal RoadMap

To proactively respond to the increasing internal and external security threats due to the rapidly changing IT environment, we are establishing and implementing mid- to long-term information security strategies and detailed implementation tasks to secure better corporate competitiveness and customer trust.

2026

Expansion of Digital Tech Security Management Area

Digital Tech-centered information protection certification
Acquisition of ISMS/ISMS-P certification

*Expansion of Cloud service area security

2027

Establishment of AI-based Security Management System

Strengthening AI-based cyber attack response

*Dark web monitoring, vulnerable information assets (ASM) response, etc.

2028

Securing Global-level Certification System

Expansion of global information security certification
(ISO/IEC 27001, 27701)

Information Security Guidelines

SK Speedmate has established company-wide personal information protection/information security regulations to safely protect and thoroughly manage all personal information it handles. Personal information management of all stakeholders, including members, external company employees, and visitors, is processed in accordance with these regulations.

In addition, through IT service/security management regulations and rules, we protect valuable information assets by preventing damage, forgery, alteration, theft, and leakage of information assets. These regulations apply to all departments, employees, and partners related to information handled by SK Speedmate and information systems that collect, process, transmit, store, and manage such information, ensuring safety from various threats.

Security Incident Response

Personal Information Incident Response Procedure

Notification of incident occurrence*

Post incident information on the website for 7 days or more
Notify data subjects and report to specialized agencies within 24 hours

Review after improvement
(Committee and Board of Directors)

Establish post-incident evaluation and recurrence prevention measures within 1 month after incident closure

Conduct simulation training and report results

*Reporting procedure: Incident recognizer > Superior team leader and company-wide personal information department manager > Superior team leader and company-wide risk management department manager > CPO and related department team leaders/executives > CEO and holding company executive

Prevention of Information Protection and Personal Information Protection Violations

SK Speedmate recognizes the importance of customer personal information and implements thorough protection activities for safe management. When personal information is included in all business processes, we specify that the personal information protection policy applies and register and protect the purpose and reason when using personal information.

Enhancing Member Security Awareness

We announce information security-related regulations when they are enacted or revised so that all members can be aware of them, and post them for constant confirmation. We also inform members of major legal and internal policy changes through regular information security campaigns. All members sign an information security pledge every year and complete online information security mandatory education at least once a year. In addition, we strengthen members' security awareness through periodic simulation training, document security management, and on-site inspections.