Information Security Policy

Last updated: September 1, 2025

To protect information assets from various threats and manage them appropriately, we establish the following policies。

1. Purpose

We maintain confidentiality, integrity, and availability to ensure stable service and customer trust。

2. Governance and responsibility

• Under leadership of management, we appoint an information security officer and continuously improve。
• We continuously provide education and awareness programs to employees and stakeholders。

3. Policy operation

• Proper access control (principle of least privilege)
• Protect endpoints and networks, anti‑malware, apply patches
• Perform backups and maintain recovery procedures
• Log acquisition, retention, and audit
• Management of contractors (confidentiality and security clauses defined by contract)

4. Incident response

If an information security incident occurs or signs are detected, we will promptly investigate the cause, prevent further damage, recover, and report to relevant authorities as necessary。

5. Compliance with laws and regulations

We comply with the Act on the Protection of Personal Information and other relevant laws, guidelines, and internal rules。

6. Continuous improvement

We evaluate operations through inspections, audits, and reviews, and make improvements as necessary。