For business development purposes, RareJob Group of Companies (hereinafter, “RareJob Group”) recognizes Information Security as one of the key management policies and commits to protecting Information Assets from any threat, breach or violation, in order to maintain the trust and confidence and provide sense of security to all stakeholders.
Based on this policy, we establish the following rules and management structure, hereinafter the “Information Security Management System”, to detail the social responsibilities required for proper execution of Information Security activities.
RareJob Group adheres to the following principles of Information Security: protection of confidentiality of data, preservation of integrity, and promotion of the availability of information assets. To effectuate proper Information Security, we identify and detect the causes of Information Security risks from the aspect of threat, vulnerability to unauthorized use and according to the internal standard rules. We take appropriate counter measures against these causes in order to eliminate, if not mitigate, the risks to tolerable levels.
All RareJob Group members, including employees, officers, agents, advisors, directors and temporary workers are required to comply with this policy.
The scope of Information Security Management is defined and limited according to each service provided. The Information Assets to be protected include, but not limited to, confidential information acquired through daily operations, documents, including contracts and agreements, intellectual property including know-how, computers and network facilities related to the business operations under the management of RareJob Inc., information system such as software, and data processed in the information system.
RareJob Group organizes an Information Security Committee, assigns a Manager to control the activities, and establishes an Information Security Audit function to inspect the activities. We also establish an Emergency Response Framework, in coordination with external experts, for possible Information Security Incidents.
In adopting Information Security Controls, all the members of RareJob Group acts in unity. Our efforts include the establishment of three (3) kinds of management: (a) Organizational management such as establishment of framework and procedures, (b) Human Resource management including education and training for employees, and (c) Physical and technical management in receiving and storing Information Assets.
When outsourcing all or parts of the business, we will adhere to its proper implementation, in order to fully realize and evaluate its accuracy and maintain the same standards of security level. In addition, in order to continuously confirm that these security levels are properly maintained, we will conduct regular audits of outsourcing companies and review of management system.
RareJob Group conducts Information Security activities in compliance with relevant laws, such as the Act on Protection of Personal Information, Unfair Competition Prevention Act, Copyright Act, Data Privacy laws and other guidelines and regulations in relation with Information Security Management System. We also act in conformity with the requests proposed by the stakeholders. In addition, we will strive for appropriate Information Management by dealing strictly with any breach and violations.
RareJob Group regularly reviews and evaluates the Information Security Management System to protect Information Security from any threat stemmed from social changes and advancement of information technology. We also ensure to maintain and continually improve information security by taking preventive and corrective actions.
RareJob Group of Companies
July 1, 2019