Jump to main contents

Privacy and Cyber Security

SK Rent-a-Car is doing its utmost to safely protect valuable information of the company and customers

SK Rent-a-Car has established internal protection plans to safely protect crucial information of the company and customers, and it continues to implement administrative protection measures by stages and technical protection measures, and inspect its subcontractors and business partners.

Privacy Policy

SK Rent-a-Car has established regulations for personal information protection and security, and 25 specific rules under the regulations to protect information and conform to regulations.
These are standards for safe protectiThese are standards for safe protection and management of company and customer’s valuable information, and we update our regulations and guidelines through establishment/revision according to amendments in major laws and regulations.
In particular, for safe protection and monitoring of personal information, we are applying the internal protection plans, including taking administrative protection measures by stages from collection, use and storage to disposal of personal information, taking technical protection measures such as encryption, intrusion detection/firewall systems, etc. and regular inspection of subcontractors and business partners.

Medium to long-term goals for privacy and cyber security

SK Rent-a-Car obtained and is maintaining the Personal Information & Information Security Management System(ISMS-P) and Cloud Security Assurance Program(CSAP) to protect valuable information of the company and customers against internal/external threats.
With our efforts, we are working towards continuously creating a safe environment for management and improving the security level.
Furthermore, we disclose the current status of our protection activities for customers to suggest a standard for choosing a safe enterprise.

  • 2023

    Strengthened capabilities to operate the Cloud Service, a security management system and company-wide(personal) information protection and management system

    • Expanded the scope of the ISMS-P certification from the existing on-premises services to cloud services
    • Maintained the CSAP certification
    • ISMS-P and CSAP certifications, systematic security inspection of the SK group by work stage and its internalization for our employees
  • 2024

    Detection of security threats and work systematization to manage(personal) information protection and management system

    • Established an anomaly detection system with the analyzed security log
    • Established systems to manage the certification progress chart, evidence and history(DB)
  • 2025

    Enhancement of the security threat detection system, and(personal) information protection and management system

    • Organized a system for application and cloud log analyses
    • Established an efficient business model for operation, measurement and improvement of the(personal) information protection and management system

Information protection and cyber security management system

SK Rent-a-Car established a dedicated Information Protection Center for the systematic management of data assets.
In addition, we have established a council for the Chief Information Security Officer(CISO) and Chief Privacy Officer(CPO) to build a company-wide protection system.
Major issues related to privacy protection and cybersecurity are being reviewed by the council and executives, and the council meetings are held quarterly on a regular basis to discuss legal and regulatory changes, share security incident cases and trends, and develop strategies.

Cybersecurity Organization Chart

Management System for Information and Cyber Security

CISO
Chief Information Security Officer
CPO
Chief Privacy Officer
Companywide Security Organization
Establishment and operation of policies and procedures(Education, inspections, and responses to external auditing)
Advisor Group
Management’s decision-making on major issues(Policy development, legal review of security accidents, laws, HR system, and PR support)
CISO · CPO Council
Proposal of opinions for safe information protection
  • Privacy Policy

    In May 2023, SK Rent-a-Car established “Simple Guidelines for Privacy Policy” and uploaded it on the website for customers to raise their understanding of the major aspects. These guidelines enhance customers’ accessibility, focusing on the collection, use, and protection of personal information.

Cyber security risk assessment

SK Rent-a-Car actively manages potential risks at all locations nationwide, including branches and sales offices. We conduct biannual assessments to inspect the subcontractors handling SK Rent-a-Car’s customer information.

Inspection Areas

  • Administrative protection measures

  • Management of work PCs

  • Technical protection measures

  • Personal information life cycle

  • Physical protection measures

  • Application of PC security

Second-Half Cybersecurity Inspection Procedure

  • Analyze firsthalf check results

  • Select items(vulnerable item groups)

  • Select targets for inspection

  • Announce overall inspection schedule

  • Announce schedule a week before

  • Remind schedule a day before

  • Perform on-site inspection

  • Compile results and statistics

  • Certification for Cybersecurity

    In December 2020, we became the first in the industry to obtain the Personal Information & Information Security Management System(ISMS-P) certification, and we acquired the SaaS Cloud Security Assurance Program(CSAP) to upgrade the information protection standard of G-Smartlink in 2021.
    In 2022, we made efforts to maintain the ISMS-P system and expanded the scope of certification from the existing on-premises services to cloud services.

go top