Samsung SDS has established and operates an information security policy to protect all of the company's information assets, targeting all employees, as well as employees from subsidiaries and partner companies, along with any external visitors to the company. In the information security regulations, Samsung SDS defines basic principles and provides information security guidelines that outline detailed execution criteria based on the principles. Samsung SDS manages the establishment and operation of the information security management system based on the policies established with separate execution guides in place to ensure compliance with regulations and guidelines. The information security policy undergoes a review and/or revision process at least once a year to ensure alignment with relevant laws, internal regulations, and to accommodate changes in regulatory requirements, business characteristics, and the operational environment that may impact management. Additionally, overseas subsidiaries have separate information security policies, referencing the policies of the headquarters and incorporating relevant local laws and regulations of their countries.