Hello, Channel Netmarble readers! This is the fourth story of [ESGing Netmarble], and I would like to tell you how Netmarble protects and manages precious personal information that many people and gamers trust.
# Managing personal information safely, Is it ESG management?
ESG's Governance(G) encompasses all of the 'people' who are trying to solve the social and environmental issues that we talked about earlier: leaders, boards, and stakeholders. Managing potential corporate crises and threats to consolidate governance is an important synergy in corporate behavior for society and the environment.
As Netmarble manages the information of many users around the world, it is very important to protect personal information by establishing a safe security environment.
# How are Netmarble's Information Security Policy and Systems organized?
As a global publishing company that services games in over 150 countries around the world, Netmarble recognizes the importance of security in the measures to reinforce global competitiveness.
Thus, to ensure our compliance with domestic and international personal information protection acts, we have established global privacy compliance and company-wide information protection regulations and guidance that satisfy ISO specifications, and carry out systematic information protection work on an ongoing basis.
Furthermore, we checked and managed the compliance and performance status of our internal security policy through an internal audit by the audit department.
Netmarble suggests the objective and direction regarding information protection through the information protection regulation, which is the highest-level policy related to in-house information protection, and strives for everyone concerned to have the same direction with regard to information protection.
Under the Information Protection Regulations, we provide General Security Work Guidance explaining procedures such as personnel security, outsider security, protection of confidential information, facility security, communications and office equipment security, security audit, security inspection.
Personal Information Protection Guidance, that is, Explanation of detailed matters to be observed in the collection, use, and management of personal information of members and employees , and other security guidance including Location Information Protection Guidance.
Netmarble also established three procedure manuals (Information Assets Risk Management Procedure Manual, Application Program Security Procedure Manual, and Emergency Situation Corresponding Procedure Manual) under the guidance that specifies a phased approach to achieving the objectives of the policy.
# What kinds of efforts Netmarble did to protect users' personal information?
Netmarble has a personal information processing policy that specifies the management standards for personal information to be collected and used in providing services to the user. According to this policy, the personal information is collected, used, and provided based on the user’s consent, and we sincerely comply with all related legislations and systems of Korea that information communication service providers are required to follow.
Regardless of the region of origin for the information to be processed, Netmarble preferentially applies the information protection standard specified in the personal information processing policy. However, if another standard is required, we operate the information protection system in consideration of the internal security policy of each country.
#Information Protection Certificate
Netmarble has made various efforts to protect major information assets against various security threats, and maintains certification of the information protection system from domestic and international institutions.
We acquired the Information Protection (ISMS) and Personal Information Protection Management System (PIMS) certifications for the first time in 2015, and acquired an ISMS-P certificate in 2020, which we are maintaining.
We acquired ISO 27001 in 2015, and to comply with our legal obligation to strengthen the reliability of our information protection and personal information protection activity, we completed deliberation for the maintenance of the ISMS-P certificate and ISO / IEC 27001 certificate in 2021, as planned.
# How is Netmarble creating a Data Protection Culture?
Corporate data leakage is a serious risk element that may lead to assets losses, as well as poor reliability of customers and a negative corporate image. To prevent internal data leakage, Netmarble regularly provides data security training for each position and job group of its employees.
Starting with data protection training for new employees, we help employees to practice data protection by sharing the latest data protection issues and security regulations through monthly information protection campaigns and security trend forums. In particular, we are raising the awareness of employees by conducting annual simulation training based on a scenario involving the inflow of malicious code by email.
In 2020, 99% of all Netmarble employees participated in the in-house data security training, and 100% participated in personal information training to reinforce awareness of the importance of personal information protection. In addition, starting in 2020, we have been investigating the employees’ in-house data security awareness to address the vulnerable points and thereby minimize the data security risks.
Since 2016, we have provided training and mock drills on responding to the inflow of malicious code by email. During the training, we increased the employees’ understanding by focusing on “how to identify a phishing email” instead of listing the general cases.
To increase the effectiveness of training, we gave small presents as a reward to the department to which the fastest reported employee belongs and the department to which the largest number of employees reported.
In 2020, a mock drill on malicious mail was conducted once, and Netmarble plans to pursue the objective of “Zero damage related to malicious email” in the future.
# Response and Processing of Data Leakage Accidents
When damage is caused to a user by intention or a material mistake, Netmarble is obligated to compensate for such damage under related legislations and the service use agreement. Procedures for receiving user opinions and complaints are provided at the initial screen for individual service page or the Netmarble website(www.netmarble.net), as well as in the personal information processing policy. Furthermore, we operate a dedicated organization to process opinions or complaints and to protect personal information.
Users can contact the personal information protection manager and the relevant department for all inquiries, complaints, and damage relief regarding matters of personal information protection.Netmarble will provide a prompt reply and discuss the processing of such inquiries. If the processing takes a long time, the user will be notified of the cause of the delay and the processing schedule via email, phone or written form, electronic memo, etc.
# Netmarble continues to strengthen its Data Protection Technology!
As a company that provides publishing services in the global market, Netmarble is vulnerable to DDoS attacks from other countries, and for this reason, we have tried to strengthen our data protection technology to safeguard our data from external attacks. DDoS attack attempts are defended through collaboration with the telecommunication companies, and strict security management is performed through the comprehensive blockage and monitoring of IDS(Intrusion Detection System) and the Web Firewall, blockage of abnormal packets and traffic pertaining to server access, service port management, etc. In terms of encryption, we apply encryption to all communication from the stage of game development.
Furthermore, Netmarble actively utilizes the cloud for its global game services. Amazon Web Service(AWS) and Google Cloud Platform (GCP) are applied to provide a pleasant game environment, and customized security functions on each platform are implemented. In addition, we have developed our own game security module to defend against external attacks, and expanded our R&D investment to secure security technology.
As the technology related to games is evolving rapidly, we intend to focus on the automation of security management processes such as monitoring, detection of abnormalities, and correspondence to systematically respond to emerging security issues.
Netmarble will continue to work hard to make a safe game environment where everyone can enjoy it with an easy mind.