Social Value Initiative

Information Security
Information Security and Privacy Protection
Role & Responsibility

AhnLab, as a specialized information security company, clearly recognizes the importance of information and personal data protection and strives to fulfill its social responsibility in this regard. Through these efforts, AhnLab aims not only to enhance the sustainability of the company but also to contribute to a world with 'More security, More freedom.'

Goals

More Security, More Freedom (by 2030)

Plans
  • Continuously enhance our information protection and personal data protection management systems through internal security consulting, ISMS & ISMS-P, ISO27001 certification audits, etc.
  • Establish security solutions, improve policies, and strengthen monitoring to proactively respond to APT security threats
  • Implement the next-generation SIEM (Security Information and Event Management), and apply intelligent security scenarios using AI
  • Establish security procedures for the Public Cloud, build solutions, and monitor to respond to security issues
  • Improve our IT BCP (Business Continuity Plan) procedures to prepare for large-scale incidents or disasters
Information Security Management System

In the digital age we all live in, the importance of information security and privacy is increasing. That is why AhnLab has established an information security and privacy management system. With this management system, we collect, use, and expire the personal information of users and prevent potential damage to customers. AhnLab invests 7.1% of its total IT budget in information security. (As of FY 2021)

Privacy policy (This Privacy Policy applies only to customers using AhnLab’s domestic (Korea) services.)

As a general rule, we do not collect personal information when you visit our website, unless you choose to provide such information to us. We manage the personal information provided by all users in accordance with the Privacy & Security Policy. We collect the minimum amount of personal information, and the information we gather will be used and/or shared with third parties only for its intended and limited purpose. Personal information for the use of AhnLab’s services will be kept for a predetermined period of time based on the user’s agreement. When the agreed holding period expires, the collection purpose is achieved, or the user chooses to remove it, we immediately start the process of removing it from our products and services safely and completely. Once your personal information is deleted, it will never be recovered or recycled.

Internal and 3rd-party Audits on Information Security and Privacy Protection System

AhnLab performs company-wide internal security consulting (internal cybersecurity audit) to identify possible vulnerabilities in its assets, including PCs and servers. For the identified vulnerabilities, we perform a risk assessment to determine their DoA (Degree of Acceptance). Based on the result of this process, we establish countermeasures against prioritized risks.

We also conduct regular (and frequent) internal vulnerability assessments on our websites, apps, and key business operating systems to discover, classify, and prioritize potential vulnerabilities and to take actions to mitigate them. In addition, third-party audits are performed regularly (once a year) by independent institutions to maintain the following information security certifications:

[Certifications]

ISMS, ISMS-P, ISO27001

1) ISMS (Information Security Management System): Certification for the set of policies and procedures of the organization for information security practices. It is certified by certification bodies including Korea Internet & Security Agency (KISA).

2) ISMS-P (Personal information & Information Security Management System): Integrated certification that consolidates the 'Personal Information Management System (PIMS) certification' and the 'Information Security Management System (ISMS) certification' into one. It is certified by certification bodies including Korea Internet & Security Agency (KISA).

3) ISO27001: International standard to manage information security, including a comprehensive suite of information security controls.

Other Information Security Activities

We conduct various hands-on cybersecurity training exercises. We hold yearly DDoS (Distributed Denial of Service) simulation training to evaluate the resiliency of the service and to practice event response. Personal data breach simulation training is also conducted to harden the incident response process. All AhnLab employees take state-of-the-art information protection and privacy awareness training online, as well as monthly APT email (spear phishing) simulation training. From these training and awareness programs, monthly ‘team security posture scores’ are derived and posted.

All consignees of AhnLab (those who carry out the consigned processing of personal information) are required to enter into a security management agreement with us and to undergo follow-up inspections. For partners and contractors, we provide cybersecurity training and learning course materials. Submitting a course confirmation form is mandatory for partners and contractors.

Annual Employee Training on Information Security

| Frequency | Training Courses | Format | Trainees | # of Trainees (As of 2022) |
|---|---|---|---|---|
| Once a year | Security Policy, Security Organization Responsibilities and Roles | On/Offline | Team Security Facilitators | 81 |
| | Personal Information Security | Online | All Employees | 1,221 |
| | Awareness for Compliance with Personal Information Protection Act | On/Offline | Key Personnel | 16 |
| Twice a year | Information Security Training for New Employees | Offline | New Employees | 150 |

Health and Safety Management
Health and Safety Management System
Health and Safety Organizational Chart
Business Owner
Industrial Safety and Health Committee
Health and Safety Management Supervisor
  • Manager
  • Manager
  • Manager
Health and Safety Management Policy

AhnLab, reflecting the characteristics of an IT and software company, identifies potential risks in the Health and Safety area and continuously plans, implements, evaluates, and improves the following to prevent major accidents and ensure safety and security in the workplace.

AhnLab employees strive to prevent accidents and disasters in the workplace and continuously improve safety levels. Our employees faithfully comply with all safety and health standards set forth in relevant laws and regulations, such as the Occupational Safety and Health Act, and in-house safety and health management regulations, and actively cooperate with activities related to accident and disaster prevention.

AhnLab prioritizes safety and health in all operations and management, and takes priority measures to prevent safety accidents, etc.

  • Employee Action Plan for Health and Safety
    • ① Fire Prevention
      • Avoid 'octopus' connections (overloaded multi-plug wiring) that exceed capacity (e.g., in server rooms, special rooms, personal workstations)
      • Turn off personal heating devices after using them
      • Turn off PCs, laptops, and monitors when not in use
    • ② Do not engage in risky behaviors such as leaning on glass railings in the building
    • ③ Evacuate quickly when there are abnormal signs and share them with the General Affairs Team (e.g., smell, smoke, vibration, sound)
    • ④ Request the General Affairs Team when facilities need to be inspected/improved
  • Establishment and operation of a management system, including the establishment of a major disaster reporting system and planning of inspection schedules
    • ① Immediately notify the management support office (General Affairs Team, Human Resources Team) in the event of a disaster and request cooperation.
    • ② Establish procedures for managing emergencies (e.g., fires, leaks, collapses)
    • ③ Conduct regular safety inspections of facilities such as firefighting, elevators, cafeterias, etc.
    • ④ Post emergency evacuation maps for each floor
  • Conducted company-wide training on the Serious Accidents Punishment Act (December 2021)
  • Conducted company-wide training on occupational health and safety (once a quarter)
Health and Safety Goals
  • First, by enhancing the awareness of safety and health among employees and workers, we prevent industrial accidents.
  • Second, we conduct proactive safety management activities for our facilities and improve their safety.
Health and Safety Activities
Risk Assessment
AhnLab conducts an annual risk assessment to identify potential hazards and risk factors within our office spaces and facilities. After assessing the identified risks, we prioritize them based on their likelihood of occurrence and severity. Subsequently, we undertake continuous improvement activities to address these risk factors.
Measures to Prevent Industrial Accidents in Contracted Business
AhnLab actively collaborates with subcontractors responsible for facility management and employee cafeterias. We run relevant consultative groups to identify areas that need to be improved and implement improvement actions.
Health and Safety Training
AhnLab provides quarterly health and safety training for all employees using materials from external experts.
Industrial Accident Rate & Absence Rate

| Category | 2022 | 2021 | 2020 |
|---|---|---|---|
| Industrial Accident Rate (%)* | 0.08 | 0.00 | 0.00 |
| Absence Rate (%)** | 0.00 | 0.00 | NA |

*Industrial Accident Rate = (# of injured people / # of total workers) x 100

**Absence Rate = (# of absent days / # of available workdays) x 100