Information Security

Mando has established an information security management system and runs an exclusive organization responsible for information security,
fully supporting hands-on information security activities. Mando executes strict inspection activities based on the information security management
system to protect important information assets and customer information. As the first step, Mando ensures that its employees and all stakeholders
comply with the security regulations to protect information assets and customer security.

Information Security Management System

Governance

  • Security operation system
  • IT infra security system
  • Personal information
    protection system
Risk
management
system
Security
compliance
response
system

Management
Policy

  • Regular Continual
    revision of security
    policies
  • Organization with
    expertise and
    independence
  • Security training and
    promotion of awareness
  • Security inspection and
    change control
  • Response to security
    infringements and
    handling of violators

Management
Process

Establishment of
standard security
procedures in each area
  • Training
  • System operation
  • IT development security
  • Handling of exceptions
  • Access, carry-in,
    carry-out
  • Infringements

Unit of Information
Security Management

Persons

Security management
related to employees
and stakeholders
  • New employees
  • Researchers
  • IT personnel
  • Retirees
  • Partners’ workers
  • Persons in charge
    of security

Technologies

Establishment of IT
security architecture
  • Server
  • Database
  • IT network
  • Application
  • PC
  • Mobile

R&D Security Management

Mando implements special security diagnoses to strengthen the security management of R&D, the core function of Mando.
Mando established security operation standards along with improved security vulnerabilities of R&D systems, such as collaboration solutions.

Security Management for IT Systems

Mando performs annual security diagnosis on IT systems to prevent information leakage accidents. Mando regularly conducts monthly mock hacking
(to check for vulnerabilities) on web systems that are accessible from outside, as part of efforts to prevent information leakage accidents.

Protection of Personal Information

Mando has established methods of clarifying and systematizing responses to personal information protection laws in Korea and overseas.
Mando continuously strives to comply with relevant laws through the reflection of amendments to laws,
personal information protection training, the inspection of conditions, and improvement.