정책

POSCO, based on its information security principles, has established information security regulations and personal information protection regulations. The company has implemented an information security system that includes 12 detailed guidelines, such as document management guidelines and drawing management guidelines. These regulations and guidelines are revised annually, taking into account the latest laws, systems, and internal and external environments. The revisions are reviewed by the company-wide Information Security Committee and approved by top management. All employees can access these documents through the standard document management system.

Additionally, revisions are posted on the company portal system (EP) to ensure easy access for employees. The information security policy framework consists of four levels: principles, regulations, guidelines, and operational procedures. The information security regulations outline the operational standards for various information security activities, including policy, organization, change management, and security incident response, as well as specific areas like asset protection, personnel security, and document security. Moreover, sector-specific information security policies are established as subordinate guidelines under the information security regulations and are operated under the supervision of their respective implementing departments. POSCO has developed and implemented detailed standards for security management measures that cover the entire lifecycle of critical information, including documents, drawings, and system data. Additionally, through the personal information protection regulations, POSCO clearly defines the administrative and technical measures for protecting the personal information of customers and employees. Consent forms for the collection and use of personal information, as well as for third-party provision, are obtained from employees and customers to secure stakeholder consent. This effectively controls access to critical information and prevents unauthorized disclosure.

Since obtaining the international information security standard ISO 27001 certification in 2021, POSCO has maintained a global level information security management system through continuous follow-up audits. Additionally, POSCO conducts security consulting activities to enhance the security levels of its overseas subsidiaries, business companies, and partners, contributing to the security reinforcement and shared growth of the entire value chain, including customers and suppliers. Through these efforts, POSCO minimizes security-related risks and protects information assets by complying with regulatory requirements and relevant laws, thereby ensuring reliability and security.