
Information Security

Information security is our top priority. To this end, we established in September 2013 a basic policy consisting of seven principles. Under this policy, all personnel are committed to:

  • Operations under our information management scheme;
  • Proper handling of customer-provided information and of confidential data concerning sales transactions and technology;
  • Compliance with the Act on the Protection of Personal Information.

 

Information Security Basic Policy

This policy applies to the whole SMIC Group.

We believe that solid protection of information, which we regard as our fourth asset, is essential for us to prove to our stakeholders that the SMIC Group is “secure”. We will hence endeavor to continue improving our information security management through this policy.

Specifically, all of our Group members will observe the following seven principles.

Principles

1. Compliance with law and agreements
We will comply with each country’s laws prohibiting unauthorized usage of information, requiring accuracy thereof and protecting individuals’ privacy. We will also conform to agreements with customers pertaining to handling of information.
2. Establishment of information management scheme
We will formulate company regulations regarding information security and disseminate them across the company. We will build an entity-wide information management scheme that will enable us to make continuous improvements.
3. Implementation of measures based on risk analysis
We will research threats and vulnerabilities surrounding information security. Once risks are identified and analyzed, we will implement appropriate countermeasures promptly.
4. Manifestation of executive commitment
Executives will hereby declare their initiative to build the aforementioned information management scheme as well as their decision to provide necessary resources for the mission.
5. Monitoring of observance and implementation
Our information security committee will regularly revise the criteria for evaluating security measures in order to respond better to internal audit findings, changes of information and emergence of new threats. We will examine the validity of such revisions to ensure the adequacy of corrective actions and thus maintain appropriate information management.
6. Imposing punishment for violations
In case of breach of company regulations, executives will assess the severity of the violation and punish the non-conformer accordingly. Non-conformers will have to accept punishment.
7. Taking actions against infringements
In case our information is infringed upon, we will take prompt and efficient actions such as communication to affected parties, preservation of evidence, prevention of damage diffusion and data restoration. We will also implement measures for preventing the recurrence of such incidents.