AhnLab, as a specialized information security company, clearly recognizes the importance of information and personal data protection and strives to fulfill its social responsibility in this regard. Through these efforts, AhnLab aims to enhance not only the sustainability of the company but also to contribute to a world with 'More security, More freedom.’
More Security, More Freedom (by 2030)
In the digital age we all live in, the importance of information security and privacy is increasing. That is why AhnLab has established an information security and privacy management system. With this management system, we collect, use, and expire the personal information of users and prevent customer’s potential damage. AhnLab invests 7.1% of its total IT budget in information security. (As of FY 2021)
As a general rule, we do not collect personal information when you visit our website, unless you choose to provide such information to us. We manage given personal information of all users consistent with the Privacy & Security Policy. We collect minimum of personal information, and the information we gathered will be used and/or shared to third parties only for its intended and limited purpose. The personal information for use of AhnLab’s service will be kept for a predetermined period of time based on the user’s agreement. After the agreed period of time, in case that the holding period expires, collection purpose is achieved or when the users choose to remove it, we immediately start the process of removing it from our product and service safely and completely. Once your personal information is deleted, it will never be recovered or recycled.
AhnLab performs company-wide internal security consulting (internal cybersecurity audit) to identify possible vulnerabilities on its assets including PCs and servers. On the identified vulnerabilities, we take risk assessment to figure out its DoA (Degree of Acceptance). Based on the result of such process, we establish countermeasures against prioritized risks.
We also conduct regular (and frequent) internal vulnerability assessment on our websites, apps, and key business operating systems to discover, classify and prioritize the potential vulnerabilities and to take actions to mitigate them. In addition, third party audit is performed regularly (once a year) by independent institutions to maintain certifications on information security as follows:
ISMS, ISMS-P, ISO27001
1) ISMS(Information Security Management System): Certification for the set of policies and procedures of the organization for information security practices. It is certified by certification bodies including Korea Internet & Security Agency (KISA).
2) ISMS-P(Personal information & Information Security Management System): Integrated certification that consolidated 'Personal Information Management System (PIMS) certification' and 'Information Security Management System (ISMS) certification' into one. It is certified by certification bodies including Korea Internet & Security Agency (KISA).
3) ISO27001: International standard to manage information security, including comprehensive suite of information security controls.
We conduct various cybersecurity hands-on trainings. We have yearly DDoS (Distributed Denial of Service) simulation training to evaluate the resiliency of the service and to practice event response. A personal data breach simulation training is also taken to harden the incident response process. All employees in AhnLab take state-of-the-art information protection and privacy awareness training via online, and monthly APT email (spear phishing) simulation training. With these training and awareness programs, monthly ‘team security posture scores’ are derived and posted.
It is required for all consignee (the one who carries out the consigned processing of personal information) of AhnLab to make security management agreement with us, and to take follow-up inspections. For partners and contractors, we provide cybersecurity training & learning course materials. Submitting course confirmation form is mandatory for partners and contractors.
Frequency | Training Courses | Format | Trainees | # of Trainees (As of 2022) |
---|---|---|---|---|
Once a year | Security Policy, Security Organization Responsibilities and Roles | On/Offline | Team Security Facilitators | 81 |
Personal Information Security | Online | All Employees | 1,221 | |
Awareness for Compliance with Personal Information Protection Act | On/Offline | Key Personnel | 16 | |
Twice a year | Information Security Training for New Employees | Offline | New Employees | 150 |
AhnLab, reflecting the characteristics of an IT and software company, identifies potential risks in Health and Safety area and continuously plans, implements, evaluates, and improves the followings to prevent major accidents and ensure safety and security in the workplace.
AhnLab employees strive to prevent accidents and disasters in the workplace and continuously improve safety levels. Our employees faithfully comply with all safety and health standards set forth in relevant laws and regulations, such as the Occupational Safety and Health Act, and in-house safety and health management regulations, and actively cooperate with activities related to accident and disaster prevention.
AhnLab prioritizes safety and health in all operations and management, and takes priority measures to prevent safety accidents, etc.
Category | 2022 | 2021 | 2020 |
---|---|---|---|
Industrial Accident Rate(%)* | 0.08 | 0.00 | 0.00 |
Absence Rate(%)** | 0.00 | 0.00 | NA |
*Industrial Accident Rate=(# of injured people/# of total workers)x100
**Absence Rate=(# of absent days/# of available workdays)x100