Information Security | Realizing Sustainability Governance | Mutual Benefit | Shin Kong Life Sustainability
Information Security
Information Security Organization
Shin Kong Life Insurance has made a commitment to the protection of customers, and continues to promote the culture of information security. The Company established a dedicated information security unit with independent authority that is responsible for planning, monitoring, and implementing information security management. The Company further appointed a Chief Information Security Officer in September 2021 to oversee policy implementation and resource allocation, significantly improving execution ability for information security and personal data protection issues.
The Company established an Information Security Committee responsible for overseeing the basic guidelines and major projects related to information security and personal data protection management. The Information Security and Personal Data Protection Division was established under the Information Security Committee to lead the planning, coordination, and implementation of information security and personal data protection operations. The abovementioned organizations meet once a quarter in principle. The Information Security Committee convened a total of 4 meetings in 2022, and the Information Security and Personal Data Protection Division convened 4 meetings as well, in order to ensure that information security and personal data protection issues are properly communicated and coordinated for implementation.
Board of Directors
Personal Data Protection Policy
Information Security Management Policy
Information Security Assessment Plan
Annual Information Security Implementation Status
Information Security Committee
Information Security and Personal Data Protection Promotion Team
Information Security Management Strategy
- Continue to obtain international certification for information security
- Policy promulgation and implementation of regulatory compliance
- Customer Data Protection and Storage
- Joint Information Security Defense
- Education and Training
Information Security Incident Informimg and Handling Mechanism
SKL has established the "Emergency Reporting Regulations", "Guidelines for Information Security Incident Reporting and Response Management", "Guidelines for Response to Personal Information Breaches", etc. In the event of a data security incident or personal information breach, the Company shall follow the relevant procedures for reporting. In addition, in order to ensure the complete protection of information systems and information security management, black box penetration testing, service interruption attack drills, etc. are conducted annually, and professional institutions are commissioned to conduct overall information security assessment to strengthen the information security level. There were no urgent incidents related to information security attacks or personal data breaches in 2022, and there were no complaints from the competent authorities or verified violations of customer privacy from external sources.
SDGs
