Information Security Initiatives
The S-Pool Group's organizational strategy calls for enhancing the management foundations based on ESG. Under the priority topic of “governance,” it declares that we will carry out thorough compliance and information security.
In response to the recent growth in cybersecurity incidents involving unauthorized access and internal information leaks, the entire Group is committed to working as one to ensure data security and protect the confidential information belonging to our customers and business partners.
Information security management structure
Responses to organization-wide risks, including those related to information security, are examined at Board of Directors' meetings and monthly Group conferences. In addition, we have established a security team in the information systems section to respond to security incidents on a daily basis and to review regulations and guidelines, promoting systematic and technological responses to risks.
Maintenance of regulations on information security
The risk management regulations set forth fundamental policies and management structures for business execution risks affecting S-Pool, Inc. and the S-Pool Group. They play a central role in our efforts to establish, promote awareness of, and thoroughly implement clear policies and rules on the handling of information assets.
Auditing structure
The internal audit section conducts audits of compliance with regulations and rules and implements appropriate improvements.
Improvement of organizational information security literacy
We provide employees with training and education on information security to ensure operations based on appropriate literacy in such matters. Ongoing efforts in this area include information security training provided when employees join the company and periodically thereafter, training on response to targeted email attacks, and companywide awareness-raising and individual guidance in response to incidents.
Technological information security measures
We undertake comprehensive measures to ensure the confidentiality, integrity, and availability of information assets. Each site deploys ID cards, fingerprint recognition, and facial recognition to implement the physical management of confidentiality. Intruders are promptly identified by an alert system; backbone systems are monitored to prevent intrusion from the Internet. In addition, systems are in place to detect unauthorized alteration of server data. Through the integrated management system for information devices, policies controlled by administrators are automatically applied. Security patches are applied in a timely manner, while anti-malware software incorporating deep learning technology safeguards against information leaks.
Acquisition of third-party certification
S-Pool, Inc. and certain subsidiaries are authorized to use the Privacy Mark as companies certified to handle personal information appropriately. S-Pool Glocal, Inc., a subsidiary whose businesses include the operation of BPO call centers for local governments, has earned certification under the ISO 27001 international standard for information security management systems (ISMS).
Protection of personal information
The S-Pool Group collects customer personal information through appropriate methods, complies fully with the Act on the Protection of Personal Information and other applicable laws and regulations, and appropriately protects, maintains, and manages such information. We disclose our Privacy Policy and Policy on Handling of Personal Information on our website. When collecting information directly through our website or other means, we clearly indicate the purposes of use at all times and obtain user consent before collecting the information. We manage this information based on our basic policies.