cowaysustainability

KOREAN
Home > Sustainability Mangement > Customers

Customers

프린트


Optimized Maintenance for Information Protection Management

Coway has collected many customers’ personal information according to the characteristic of rental business. In addition, as the online sales channel has been gradually expanded, a necessity has arisen to establish a proper information protection system for inflow and handling path of diversified customer information. Accordingly, Coway has appointed a Chief Privacy Officer(CPO) to streamline the organization and system. Especially in 2015, Coway strengthened the establishment of integrated security control system regarding data center and the environmental control for the man in charge of critical information.


정보보호 추진 조직
정보보호 체계

Strengthening Information Management Infrastructure


Establishment of Integrated Security Control System

Coway has established an integrated security control system that collects, distributes and controls the log of entire system with IDC* to handle scattered customers’ personal information safely. Through this, efficient control response and surveillance have become available. In addition, Coway has established a check and improvement system for weak point of IDC server system to automatically diagnose and supplement weak point monthly. As a result, the security level in 2015 was 98%, which was improved by 3% compared to the previous year, but also by completing the supplement of remaining weak points, a protection system for customers’ personal information was strengthened. In the future, Coway shall apply IDC to the entire system and establish a real time monitoring system for the security weak point.

*IDC(Internet Data Center)


Rearrangement and Control Reinforcement of Personal Information Handling Process

Most of recent domestic leaks in customer personal information have occurred by personal information handling personnel and IT partners. Coway has established VDI* to personal information handling personnel and partners to prevent such leaks and progressed all works through VDI to block external leak of critical information. In addition, Coway has not only diagnosed and supplemented security weak points by conducting simulated hacking, but has also improved the response competency against invasion.

*VDI(Virtual Desktop Infrastructure)
Solution to provide a virtual desk top and data storage space
for each user utilizing server resource that is operating central to virtual
Especially, it is safe from hacking risk and possible to block data leak fundamentally

Inspiring Security Awareness of Staffs & Employees


Information Protection Education

Coway has strengthened not only the competency of information protection in technical view but also the information security through the enhancement of information protection awareness of employees. In 2015, Coway conducted the education for company’s information protection policy, information protection related law revision and misuse cases and enhanced its effectiveness by specifying online education for each duty. Coway is planning to upgrade the educational contents for easy understanding and to strengthen the internal sanction against the violation of security matters.

정보보호 교육 주요 성과
정보보호 교육 주요 성과
The No. of Implementing Information Protection Diagnosis
45times
정보보호 교육 주요 성과
The No. of employees educated in Information Proctection
2,781
정보보호 교육 주요 성과
Tracking out and Monitoring an invasion
24hours

Information Protection Diagnosis

Coway has implemented the information protection diagnosis by specifying into frequent and regular system diagnoses and conducted monitoring on the procurement status of personal information in PC and the system access record of personal information handling. Coway conducted total 45 times of diagnosis in 2015, and identified security procedure violations were corrected and supplemented by 100%. In addition, Coway paid a direct visit to major business sites to proceed with the system diagnosis through actual condition check and IDC simulated hacking to induce employees of each business site to proceed with security activities voluntarily.