Information Security Policy

MCNEX responds to information security threats by establishing security regulations, such as its 'Security Management Regulations' and 'Personal Information Handling Policy' (Privacy Policy), and by conducting regular information security training. Regarding its Security Management Regulations, MCNEX holds annual meetings for security personnel to promote the internalization of its security policies. The company also regularly reviews and revises these regulations to reflect legal amendments. Security-related regulations and policies are posted on the company's internal groupware and website. MCNEX also announces security-related issues and strives to ensure all employees are prepared for information security threats. Furthermore, since 2022, MCNEX has fulfilled its information security disclosure obligations by publicly disclosing the status of its information security investments, personnel, and key security activities.

Dedicated Information Security Organization

MCNEX responds to various security threats by appointing a Chief Information Security Officer (CISO) and a Chief Privacy Officer (CPO), and by assigning dedicated personnel for each security domain: administrative, physical, and technical. As the head of company-wide information security, the CISO establishes and amends security regulations and policies, while also monitoring the overall status of security management and compliance with these regulations.

Information Security Management System

MCNEX responds to information security threats by mandating the installation of firewalls and antivirus software on all employee PCs and by implementing security systems such as NAC (Network Access Control) and IPS/IDS (Intrusion Prevention/Detection Systems). Furthermore, to prevent the leakage of important internal information, MCNEX utilizes IT systems like ERP, MES, and groupware, conducts business operations through a document centralization system, and prohibits the use of unauthorized media and the introduction of unapproved equipment.

In particular, to enhance the effectiveness of its Information Security Management System (ISMS), MCNEX conducted a company-wide self-security inspection. The inspection assesses the company's security level based on over 100 detailed items across five key areas: Security Policy, Personal Information Protection, Physical Security, Information Asset Management, and Security System Operation. The results of the 2024 inspection confirmed that MCNEX met internal standards in areas such as security policy management, personal information protection, security system operation, and physical security. It also verified that IT infrastructure security operations—including antivirus management, backup management, and security monitoring—are being operated stably. The company plans to implement improvement measures for certain areas identified as needing enhancement, such as the disposal and utilization of information assets, security checks for external personnel, and blocking unauthorized wireless networks.

ISO/SAE 21434

In July 2024, MCNEX obtained ISO/SAE 21434 certification, an international standard for automotive cybersecurity, covering specific automotive-related components and their associated processes. ISO/SAE 21434 defines cybersecurity processes and requirements throughout the vehicle lifecycle—from design, development, and testing to post-production stages—and consists of a total of 45 security categories. Through achieving this international automotive cybersecurity certification, MCNEX has established a cybersecurity management system compliant with advanced global standards. Going forward, the company will continue to do its utmost to prevent and resolve the safety and security issues of its domestic and international customers and partners.

ISO/SAE 21434

Information Security Training

MCNEX provides Personal Information Protection Training to employees who handle customers' personal information. The training curriculum covers content for personal information handlers, including the Personal Information Protection Act and topics such as the collection and provision of personal data. Furthermore, to counter increasingly sophisticated cybersecurity threats, MCNEX conducts specialized security training for its information security personnel. This security training has provided education aligned with the latest information security trends, covering subjects ranging from recent cybersecurity threat case studies to updates on security-related regulations.