SK Telecom said on Sunday it will upgrade a range of security-related areas. It plans to overhaul its organisation into practical security governance that can be applied immediately in the field and continue security innovation to respond to a surge in cyber threats.

The overhaul incorporated an advanced security system, ISO27002, which serves as a practical implementation guide, on top of its existing global security management framework, ISO27001, to strengthen execution. SK Telecom completed updates to 17 information protection processing guidelines by reflecting information security regulations at home and abroad based on global standards. It reflected the latest security threats and technology trends, including cloud and supply chains, and specified the full process from incident prevention to response and recovery.

SK Telecom incorporated a RACI Chart into its rules to assign clear roles and responsibilities by security control area. RACI refers to R (Responsible), A (Accountable), C (Consulted) and I (Informed). This was designed to help security staff clearly recognise their roles and carry out work efficiently.

It also prepared a runbook that details response procedures by incident type and organisation. A runbook is a practical guide that includes step-by-step check items and actions from incident recognition to response and recovery. Anyone can immediately take necessary measures according to the manual, regardless of whether they are the person in charge.

It also set up an environment through A. Biz that allows employees to easily search internal information security policies and apply them immediately to their work. SK Telecom explained, "We updated internal rules related to personal information protection and prepared practical guidelines by work situation, including AI services and pseudonymised information processing, to strengthen operational departments' ability to implement personal information protection."

SK Telecom raised security partnerships with partners to an obligatory level rather than limiting itself to strengthening internal security. It proactively introduced a "Security Schedule" approach, similar to global IT companies, that specifies security standards, responsibilities and inspections in detail at the contract stage. It systemised the signing of an "information security compliance pledge" for infrastructure partners.

It will also provide practical guidelines to contractors that handle personal information and conduct ongoing inspections in parallel. It will also complete a security ecosystem so customer information can be safely protected across the entire process of telecommunications services.

Lee Jong-hyun (이종현), head of SK Telecom's Integrated Security Center and CISO, said, "This improvement of the security system is a structural innovation that goes beyond a simple update of rules and connects policy, operations, people and partners." He added, "Based on the strengthened security system, we will continue to provide a stable telecommunications environment that customers can trust."