Data Privacy & Security
As an IT company responding to the era of digital transformation, NSD is working on data privacy and security as one of our most important challenges in order to earn the trust of customers and society.
Recognizing information security incidents such as leaks and unlawful disclosure of information as major risks for corporate management, we strive to safely and securely handle (maintain confidentiality, integrity, and availability) information assets, including personal information, as a company that handles important information for customers and employees.
Basic Policy on Information Security
To maintain the confidentiality, integrity, and availability of all information assets, thereby earning the trust of customers and society, NSD has established its Basic Policy on Information Security in an effort to ensure the security of information.
Moreover, specific measures are stipulated in the Information Security Standards and Information Security Procedures as sub-provisions of the Basic Policy on Information Security to ensure that measures are effective.
Basic Policy on Information Security
We will establish and comply with an information security policy in order to protect information assets from the threats of disaster, damage, negligence, and willful intent.
We will make our employees aware of the importance of information security and ensure that they are fully aware of our policy so that they can handle information assets appropriately.
We will comply with laws and regulations regarding information security and the protection of personal information.
We will inspect and audit our compliance with the information security policy in an effort to operate it appropriately.
We will continuously ensure the effectiveness of our information security policy in response to social and technological changes.
Establishment of an Information Security Management System
NSD has established the Information Security Committee under the Risk Management Committee to strengthen information security. The Information Security Committee, which is chaired by the Head of the Corporate Service Division and comprised of related officers and department managers, regularly identifies information security risks throughout the Company, and in addition to giving guidance on preventive measures, confirms the Company’s compliance with the rules.
Moreover, we are taking physical measures by developing systems such as equipment and functions to prevent the risk of information leaks, malware and other virus infections, as well as unauthorized access to the Internet and e-mails.
Employee Training on Information Security
Every year, NSD carries out training for employees on the Company’s rules and risks. Furthermore, we regard problems related to information security that occur on a daily basis outside NSD as issues of our own. As such, we verify whether there are any similar problems within the Company, and make them known to all employees. When laws and regulations such as the Act on the Protection of Personal Information are revised, we provide education to employees to ensure thorough compliance with such laws and regulations.
Cyber Attack Countermeasures
In addition to information leaks and cyberattacks by hackers, the risks of organized terrorist cyberattacks from other countries, such as ransomware demanding money and the shutting down of vital infrastructure, have recently come to the fore.
In light of these heightened security risks, NSD outsources vulnerability assessments of internal and external systems to third-party specialists in order to prevent unauthorized access and malware infection. Furthermore, we are working to strengthen security by providing targeted attack countermeasures, firewalls, web content filtering, and an intrusion prevention system (IPS).
As targeted email attacks are evolving and becoming ever more sophisticated, we will continue to strengthen our defenses and provide training and education to eliminate human vulnerabilities.