POSCO E&C announced on the 10th that it has obtained the 'Information Security and Personal Information Protection Management System Certification (ISMS-P Certification),' the highest level of security management system certification in Korea.
Kim Myung-jun, Head of CS at POSCO E&C (from left), Kwon Young-gyun, Head of Legal Affairs, Shin Kyung-chul, Head of Management Support Division, and Lee Geun-bae, Head of Information Security Group, are posing for a commemorative photo celebrating the acquisition of the Information Security and Personal Information Protection Management System Certification (ISMS-P Certification). / Photo by POSCO E&C
The ISMS-P certification is a system that evaluates whether a company can effectively respond to cyber intrusion threats and whether the company's information protection system and customer personal information protection management system are properly operated. It is certified by the Korea Internet & Security Agency (KISA) according to the joint notification standards of the Ministry of Science and ICT and the Personal Information Protection Commission.
To obtain the ISMS-P certification, a company must pass a conformity assessment of a total of 101 items, including the management system area, which means the establishment, operation, and improvement of policies; the technical protection measures area, such as asset management and security systems; and the personal information lifecycle protection measures area, including the collection, use, and destruction of personal information.
POSCO E&C has additionally acquired the ISMS-P certification on top of its existing international information security standard, the Information Security Management System (ISO27001) certification.
POSCO E&C conducts rigorous security inspections every year, including regular and ad-hoc simulated hacking of all internal and external systems. In particular, it plans to strengthen education and inspections for partner companies entrusted with customer information of The Sharp.
A POSCO E&C official stated, "With growing concerns about personal information leaks recently, we have raised the level of administrative and technical security so that customers can feel secure," adding, "We will also strengthen education and inspections for partner companies that manage customer information together to establish a high-level information security system."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
