Sustainability

Article 1. Purpose

BK Electronics shall comply with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Use and Protection of Credit Information Act, the Electronic Financial Transactions Act, and the Act on the Protection of Information and Communications Infrastructure. The purpose of this policy is to enhance employees’ awareness of security and to prevent information leakage by properly managing personal information (employees, customers, suppliers, medical device users/patients, stakeholders), customers’ confidential information, and the company’s technical information.

Article 2. Scope of Application

This policy applies to the company’s personnel and systems.

Article 3. Information Protection Targets

The following are subject to information protection:

– Employees’ personal information
– Customers’ personal information
– Suppliers’ personal information
– Medical device users/patients’ personal information
– Stakeholders’ personal information
– Customers’ technical confidential information
– The company’s technical confidential information (development, patents, manufacturing technology, trade secrets, quality documents, financial/accounting information, IT system data).

Article 4. Information Protection Goals

The company’s information protection goal is to ensure continuity in sustainable management and to make the utmost effort to prevent information leakage.

Article 5. Information Security Training

All employees must complete information security training once per year.

Article 6. Information Security Management Organization

The company’s information security management organization is divided as follows. In the event of a leakage incident, reports must be submitted to the relevant group for appropriate action:

1) Personal Information Leakage Management: Management Group / Report to: kun35@bkec.co.kr
2) Customer Confidential Information Management: Sales Group / Report to: bksales41@bkec.co.kr
3) Hacking & Cyber Risk Management: IT Group / Report to: leblue@bkec.co.kr
4) Company Technical Information Management: Finance Group / Report to: ihb1911@bkec.co.kr

Article 7. Scope of Information Security Management

This policy applies to employees’ work PCs, servers/networks, IT systems, and documents submitted externally.

Article 8. Information Security Operations

1) Antivirus programs must be continuously running on employees’ work PCs, servers/networks, USB storage devices, and IT systems to prevent cyber risks, hacking, and virus infections.
2) Important documents submitted externally must be clearly marked as “Confidential” in Korean or English.
3) Access to IT systems is restricted to employees only, using personal IDs and passwords to prevent external access.
4) Access to server networks is restricted to employees only, using department-specific IDs and passwords to prevent external access.
5) To prevent cyber risks and hacking, periodic network security inspections must be conducted by third parties, and immediate corrective action must be taken if abnormalities are found.
6) Access to critical facilities is only permitted with company-issued access cards.
7) External personnel are not allowed direct access to critical facilities. If external access is required, they must follow company entry procedures and be accompanied by a company employee.

Article 9. Data Storage and Backup Management

1) Company data must be backed up daily at designated times to the backup server.
2) Backup servers must be managed separately from the main servers.

Article 10. Information Security Management

Internal audits related to information security must be conducted once per year according to a regular plan. If nonconformities are identified, corrective and preventive measures must be taken in accordance with established procedures.

This policy shall take effect from January 2026.