Information Security Strategy
Information Security Organization & Framework
Doosan Enerbility has a dedicated organization for systematically handling information security, one that is centered around the Chief Information Security Officer (CISO).
The CISO oversees the establishment and implementation of the company’s information security policy, while concurrently holding the position as Chief Privacy Officer (CPO),
whose main responsibility is overseeing the company’s legal and ethical obligations.
- The information security department handles security details at the working-level, including the policy operation, system inspections, accident response and employee training. The corporate-wide security system is managed through close collaboration with all the other departments.
- All employees have data protection accountabilities related to their respective work, and are obligated to comply with detailed security guidelines, such as those relating to account management, the detection and reporting of anomalies, and handling of sensitive information.
- External partner companies are also required to undergo preliminary security checks and are applied security provisions that are included as mandatory contractual obligations, all of which are used to effectively control external risks.