original hero image
Governance
Information Security

Information Security Policy

MCNEX responds to information security threats by establishing security regulations, such as its 'Security Management Regulations' and 'Personal Information Handling Policy' (Privacy Policy), and by conducting regular information security training. Regarding its Security Management Regulations, MCNEX holds annual meetings for security personnel to promote the internalization of its security policies. The company also regularly reviews and revises these regulations to reflect legal amendments. In particular, reflecting the increasing trend of artificial intelligence (AI) usage in business operations in 2026, MCNEX established an AI service management policy to prevent security incidents such as indiscriminate use and data leakage. Security-related regulations and policies are posted on the company's internal groupware and website. MCNEX also announces security-related issues and strives to ensure all employees are prepared for information security threats. Furthermore, since 2022, MCNEX has fulfilled its information security disclosure obligations by publicly disclosing the status of its information security investments, personnel, and key security activities.

Dedicated Information Security Organization

MCNEX responds to various security threats by appointing a Chief Information Security Officer (CISO) and a Chief Privacy Officer (CPO), and by assigning dedicated personnel for each security domain: administrative, physical, and technical. As the head of company-wide information security, the CISO establishes and amends security regulations and policies, while also monitoring the overall status of security management and compliance with these regulations.

Information Security Management System

MCNEX responds to information security threats by mandating the installation of firewalls and antivirus software on all employee PCs and by implementing security systems such as NAC (Network Access Control) and IPS/IDS (Intrusion Prevention/Detection Systems). Furthermore, to prevent the leakage of important internal information, MCNEX utilizes IT systems like ERP, MES, and groupware, conducts business operations through a document centralization system, and prohibits the use of unauthorized media and the introduction of unapproved equipment.
In particular, to enhance the effectiveness of its Information Security Management System (ISMS), MCNEX conducts risk analysis and assessments. The assessment targets all information assets currently in use by the company—including servers, software, networks, and PCs—and involves conducting threat analysis, vulnerability diagnosis, and risk evaluations. The results of the 2025 risk analysis and assessment identified eight risks within systems such as groupware, ERP, and MES. For these identified risks, the company has implemented improvement measures focusing primarily on major vulnerabilities.

Information Security System

In June 2024, MCNEX obtained ISO/SAE 21434 certification, an international standard for automotive cybersecurity, covering specific automotive-related components and their associated processes. ISO/SAE 21434 defines cybersecurity processes and requirements throughout the vehicle lifecycle—from design, development, and testing to post-production stages—and consists of a total of 45 security categories.
Furthermore, in November 2025, MCNEX acquired the international standard Information Security Management System (ISO/IEC 27001) certification. Through achieving international information security certifications, MCNEX has established a cybersecurity management system compliant with advanced global standards. Going forward, the company will continue to do its utmost to prevent and resolve the safety and security issues of its domestic and international customers and partners.

ISO 27001

Information Security Training

MCNEX provides Personal Information Protection Training to employees who handle customers' personal information. The training curriculum covers content for personal information handlers, including the Personal Information Protection Act and topics such as the collection and provision of personal data. Furthermore, to counter increasingly sophisticated cybersecurity threats, MCNEX conducts specialized security training for its information security personnel. This security training has provided education aligned with the latest information security trends, covering subjects ranging from recent cybersecurity threat case studies to updates on security-related regulations.