SK Telecom announced on the 2nd that they are upgrading various security-related areas. The core of this revamp lies in integrating the advanced security system (ISO27002), which serves as a practical guide, onto the existing global security management framework (ISO27001). Based on global standards and compliance with domestic and international information protection regulations, SK Telecom has overhauled 17 information protection handling guidelines. This update reflects the latest security threats and technology trends in areas like cloud and supply chain and enhances their security response capabilities from incident prevention to recovery.
SK Telecom has incorporated the RACI Chart into its regulations to define clear roles and responsibilities across different security control areas. RACI stands for Responsible (staff in charge), Accountable (final authority), Consulted (advisors), and Informed (notified parties). This approach helps security personnel clearly acknowledge their roles, allowing for more prompt and efficient task performance.
Additionally, they have prepared a runbook detailing incident types and organizational response procedures. The runbook outlines a step-by-step guide from incident recognition to recovery, enabling swift execution of necessary measures according to the manual, regardless of the person in charge. Through A. Biz, employees can easily search and apply internal information protection policies. SK Telecom also improved privacy regulations and prepared practical guidelines for situations involving AI services and pseudonymous data processing, enhancing privacy protection execution in relevant departments.
Security partnerships with partner companies have also been elevated to a mandatory level. Similar to global IT companies, they proactively introduced a Security Schedule approach that precisely outlines security standards, responsibilities, and inspections at the contract stage. By systematizing information security compliance agreements with infrastructure partners, the overall safety of the service supply chain has been enhanced.
Lee Jong-hyun, SK Telecom’s Integrated Security Center Director (CISO), stated, “This security system improvement is a structural innovation that connects not only regulation overhaul but also policies, operations, people, and partners. We will continue to provide a stable telecommunications environment that customers can trust, based on the strengthened security system.”