| CATEGORII DOCUMENTE |
| Aeronautica | Comunicatii | Electronica electricitate | Merceologie | Tehnica mecanica |
<}0
(a)
(b)
(c)
(d)
(e)
(f)
(h)
(c) that the SAMSUNG Data Importer shall provide sufficient guarantees in respect of the Technical and Organisational Security Measures specified in Appendix III to these Clauses;
(d) that after assessment of the requirements of the relevant provisions of the data protection law of the country or Member State in which the SAMSUNG Data Exporter is established the Technical and Organisational Security Measures are appropriate to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of Processing and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of the implementation;
(e) that it will ensure compliance with the Technical and Organisational Security Measures;
(f) that, if the transfer involves Special Categories of Personal Data, the Data Subject has been informed or will be informed before such transfer that the Personal Data could be transmitted to a third country not providing adequate protection;
(g) that it agrees to forward the notification received from the SAMSUNG Data Importer pursuant to Clause 5(a) and subject to Clause 4 (j) to the Supervisory Authority if it decides to continue the transfer or to lift its suspension;
(h) to make available to the Data Subjects upon request a copy of these Clauses with the exception of Appendix III which shall be replaced by a summary description of the Technical and Organisational Security Measures;
(i) to respond in a reasonable time and to the extent reasonably possible to inquiries from the Supervisory Authority on the Processing of the relevant Personal Data and to any inquiries from the Data Subject concerning the Processing of this Personal Data by the SAMSUNG Data Importer; and
(j) to develop with SAMSUNG Data Importer a notification to the Supervisory Authority of any relevant jurisdiction within a reasonable time of any notification received from the SAMSUNG Data Importer under Clause 5(a).
Clause
5
Obligations of SAMSUNG Data Importers
Each SAMSUNG Data Importer agrees and warrants:
(a) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the SAMSUNG Data Exporter and its obligations under these Clauses, and that in the event of a change of that legislation which is likely to have a substantial adverse effect on the guarantees provided by the Clauses, it will notify the change to the SAMSUNG Data Exporter, and develop with SAMSUNG Data Exporter a notification to the Supervisory Authority, as specified in Clause 4 (j). Upon receipt of such notification, the SAMSUNG Data Exporter will be entitled to suspend the transfer of Personal Data, terminate the Clauses and/or exercise any and all other rights and/or remedies available to SAMSUNG Data Exporter at law, in contract, in equity or otherwise.
(b) to process (and to ensure that its subcontractors, if any, process) the Personal Data only on behalf of the SAMSUNG Data Exporter and in accordance with its instructions and the applicable provisions of applicable law, these Clauses and SAMSUNG's EU Privacy Policy.
(c) that it has implemented the Technical and Organisational Security Measures specified in Appendix III before Processing the Personal Data transferred.
(d) to deal promptly and properly with all reasonable inquiries from, and all claims or proceedings filed by, an SAMSUNG Data Exporter (with respect to each Data Subject's respective Personal Data only) or the Data Subject relating to its Processing of the Personal Data subject to the transfer, and to co-operate with the competent Supervisory Authority and abide by its final advice in the course of all its inquiries and with regard to the Processing of the Personal Data transferred;
(e) in accordance with policies and practices to be established between the Parties, at the request of the SAMSUNG Data Exporter to submit its data processing facilities for audit and, where applicable, in mutual agreement with the Supervisory Authority;
(f) to make available to the Data Subject upon request a copy of these Clauses with the exception of Appendix III which shall be replaced by a summary description of the Technical and Organisational Security Measures in those cases where the Data Subject is unable to obtain a copy from the SAMSUNG Data Exporter and indicate the office which handles complaints;
(g) in accordance with policies and practices to be established between the Parties, to promptly notify the SAMSUNG Data Exporter about (i) any legally binding request for disclosure of the Personal Data unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of an investigation, (ii) any formal written request received from Data Subjects for access to their Personal Data; and (iii) any material accidental or unauthorised access as identified by the SAMSUNG Data Importer.
Clause 6
Liability
SAMSUNG Data Exporter agrees that a Data Subject who has suffered damage as a result of any violation of the provisions referred to in Clause 3 is entitled to receive compensation from SAMSUNG Data Exporter for the damage suffered to the extent provided for in Clause 3. SAMSUNG Data Exporter further agrees that it shall be liable for any violation of the provisions referred to in Clause 3 of this Agreement by SAMSUNG Data Importer, as guarantor of SAMSUNG Data Importer's obligations under such provisions.
If a Data Subject is not able to bring the action referred to in Clause 6(1) against the SAMSUNG Data Exporter because (a) the SAMSUNG Data Exporter has disappeared factually or has ceased to exist in law, and (b) SAMSUNG has not caused an appropriate credit-worthy entity located in the European Union to succeed to the obligations of such SAMSUNG Data Exporter as contemplated by Clause 3, the SAMSUNG Data Importer agrees that in such case such Data Subject may bring an action against the SAMSUNG Data Importer as if it were the SAMSUNG Data Exporter.
The Parties agree that if SAMSUNG Data Exporter is held liable for a violation referred to in paragraphs 1 and 2 of this Clause 6 by any SAMSUNG Data Importer, then:
(a) such SAMSUNG Data Importer will, to the extent it is liable, indemnify SAMSUNG Data Exporter for any cost, charge, damages, expenses or loss incurred by SAMSUNG Data Exporter; and
(b) SAMSUNG Data Exporter shall, in a separate proceeding, seek indemnification from such SAMSUNG Data Importer under Clause 6(3)(a), and such SAMSUNG Data Importer shall not contest the finding of a violation or the amount of any compensation awarded to the Data Subject.
Clause 7
Mediation and Jurisdiction
In the event of a dispute or claim brought by a Data Subject or Supervising Authority against any Party, the Parties will inform each other promptly about any such dispute or claims, and will cooperate with a view to settling them amicably in a timely fashion.
The Parties agree to participate in any generally available non-binding mediation procedure initiated by a Data Subject or Supervisory Authority. The Parties may elect to do so remotely (such as by telephone or other electronic means).
SAMSUNG Data Importer agrees that if there is a dispute between a Data Subject and either Party which is not amicably resolved and the Data Subject invokes the third party beneficiary provision in Clause 3, they will accept the decision of the Data Subject:
(a) to refer the dispute to mediation by an independent person or, where applicable, by the Supervisory Authority;
(b) to refer the dispute to the Courts of the
country or the
The Parties agree that by agreement between the Data Subject and the relevant Party a dispute can be referred to an arbitration body, if that Party is established in a country which has ratified the New York Convention on enforcement of arbitration awards.
The Parties agree that Clauses 7(1), 7(2), 7(3) and 7(4) apply without prejudice to the Data Subject's substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Clause 8
Co-operation with Supervisory Authorities
The Parties agree to deposit a copy of these Clauses with any Supervisory Authority with jurisdiction over SAMSUNG Data Exporter if it so requests.
The Parties agree that they will cooperate with the Supervisory Authority to establish the terms under which the Supervisory Authority shall conduct an audit of the data processing operations of the SAMSUNG Data Importer covered by this Agreement. Such audit will have the same scope and will be subject to the same conditions as would apply to an audit under clause 5(e). The Parties further agree that the Supervisory Authority may instruct the SAMSUNG Data Exporter to conduct an audit in accordance with clause 5(e) and the SAMSUNG Data Exporter shall comply with any such instruction issued by the Supervisory Authority and will inform the Supervisory Authority of all its findings.
Clause 9
Termination of the Clauses
1. Any SAMSUNG Company may terminate the Clauses as they apply to such SAMSUNG Company at any time for any reason upon written notice to the other SAMSUNG Companies. Upon termination of the Clauses, any SAMSUNG Data Importer that is thus no longer a Party to these Clauses shall immediately cease to process the Personal Data covered by these Clauses subject to requirements of applicable law and, if so instructed by SAMSUNG Data Exporter, either destroy or return all copies of such Personal Data.
2. The Parties agree that the termination of these Clauses at any time, in any circumstances and for whatever reason does not exempt them from the obligations and/or conditions under these Clauses as regards the processing of the data transferred prior to the termination.
3. The Parties agree that on the termination of the Clauses, the SAMSUNG Data Importer shall, at the choice of and according to the instructions of the SAMSUNG Data Exporter, return all the Personal Data transferred and the copies thereof to the SAMSUNG Data Exporter, or shall destroy all the Personal Data and certify to the SAMSUNG Data Exporter that it has done so, unless legislation imposed upon the SAMSUNG Data Importer prevents it from returning or destroying all or part of the Personal Data transferred. In that case, the SAMSUNG Data Importer warrants that it will guarantee the confidentiality of the Personal Data transferred and will not actively process the Personal Data transferred any more.
4. The SAMSUNG Data Importer warrants that upon request of the SAMSUNG Data Exporter and/or Supervisory Authority, it will submit its data processing facilities for an audit of the measures referred to in Clause 9(3).
Clause 10
Governing Law
The
Parties agree that claims for breach of these Clauses as between the Parties
shall be governed by Korean Law For claims brought by a Data Subject against one or
both Parties, the law of the country in which the SAMSUNG Data Exporter is
established will govern. Nothing in this
Clause 10, however, shall operate to diminish or limit the rights of any Data
Subject under the laws of any country or
Variation of the contract and Interpretation
The Parties undertake not to vary or modify the terms of these Clauses except with the concurrence of a majority of the SAMSUNG Companies that are a signatory to the Clauses; provided, however, that (i) the Parties acknowledge and agree that any variation of these Clauses can not operate to diminish or limit the privacy rights of any Data Subject under the laws of any relevant country or Member State; and that (ii) any such change subject to the review of the Supervisory Authority in the relevant jurisdiction, or that reduce the level of protection of any data subject in the relevant jurisdiction, shall be submitted to that Supervisory Authority for review and approval where necessary.
Additional Parties
Additional Parties may be bound by the Clauses by the execution of a Signatory Addendum to this Agreement, provided, however, that such addition will not operate to diminish or limit the privacy rights of any Data Subject under the laws of any relevant country or Member State.
SAMSUNG DATA EXPORTERS - CONTROLLERS[E2]
BY: __________ ______ ____ ____________
Printed name and title of signing representative:
BY: __________ ______ ____ ____________
Printed name and title of signing representative:
BY: __________ ______ ____ ____________
Printed name and title of signing representative:
BY: __________ ______ ____ ____________
Printed name and title of signing representative:
BY: __________ ______ ____ ____________
Printed name and title of signing representative:
SAMSUNG Electronics GmbH
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Semiconductor
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG
Semiconductor
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Semiconductor Italia S.P.A
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Semiconductor
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Semiconductor
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Semiconductor
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics Holding GmbH
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics Italia S.P.A
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics Iberia S.A.
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Telecom
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics European Service Parts Depot
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics Nordic AB
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics, Filiai of Samsung Electronics Nordic AB, Sverige
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics Nordic AB
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics Nordic Aktiebolag Sucen Sivulike
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics Polska Sp.zo.o
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics Potuguesa S.A.
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics Magyar Zrt.
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Zrt Ceska Organizacni Slozka
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics Magyar Rt. Slovanska Organizacna Zlozka
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics LCD Slovakia s.r.o
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
Branch Office of Samsung Electronics Co. Ltd
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Data System
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG Electronics Networks
BY: __________ ______ ____ _____________
Printed name and title of signing representative:
SAMSUNG DATA IMPORTERS - PROCESSORS[E3]
Samsung Electronics Co. Ltd
By__________ ______ ____ _________
Printed name and title of signing representative:
[TO BE COMPLETED - INSERT RELEVANT SAMSUNG ENTITY]
By__________ ______ ____ _________
Printed name and title of signing representative:
APPENDIX I[E4]
SAMSUNG Data Exporters:
Each SAMSUNG Data Exporter, in its capacity as a Controller, is engaged in the business of SAMSUNG Companies, namely (without limitation): electronics (including consumer electronics) and semiconductor business.][E5]
SAMSUNG Data Importers:
Each SAMSUNG Data Importer, in its capacity as a Processor, is engaged in the Processing of Personal Data received, directly or indirectly, from one or more other SAMSUNG Data Exporters.
Data Subjects:
The Data Subjects to whom the Personal Data relates are identified or identifiable natural persons within the scope of the EU Data Protection Directive or similar national legislation in other jurisdictions in which SAMSUNG Data Exporters are established, who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to such person's physical, physiological, mental, economic, cultural or social identity and who are (without limitation) within the following categories:
SAMSUNG Companies staff (current, past and prospective employees and staff, and for the avoidance of doubt 'staff' shall include (without limitation) professional advisers, consultants, volunteers, temporary and casual workers and applicants for employment with SAMSUNG Companies ("SAMSUNG Companies Staff"),
family members, relatives, guardians and associates of SAMSUNG Companies Staff; and
SAMSUNG Companies current, past or prospective contractors, sub-contractors, customers, suppliers, professional advisors or business partners ("SAMSUNG Companies Business Partners") including their employees, employee family members, applicants, consumers, customers or suppliers;
Purposes of the transfers:
The transfers are necessary for the following purposes:
SAMSUNG Companies are engaged in
international business affairs and accordingly data processing operations for SAMSUNG
Companies worldwide are performed in
Categories of data:
The Personal Data transferred include all data SAMSUNG Companies determine necessary to perform their business functions, including (without limitation) SAMSUNG Companies Staff data and SAMSUNG Companies Business Partners data, defined as follows:
Sensitive Data:
[SAMSUNG Data Exporters process Special Categories of Data in their capacity as Data Controllers and this includes (without limitation) information concerning a Data Subject (as described in this Appendix 1) which relates to race or ethnic origin, political opinions religious beliefs or other beliefs, physical or mental health or condition, sexual history or orientation, trade union membership, commission or alleged commission of a criminal offence and any court, tribunal or inquiry proceedings, family lifestyle and social circumstances.][E6]
Recipients:
The Personal Data transferred may be disclosed to:
(1) SAMSUNG Data Importers and SAMSUNG Companies Staff who have a reasonable need to know the information in order to fulfill the purposes detailed in the Section of this Appendix labeled "Purposes of the Transfer", including personnel involved in management and administration, information services, and human resources;
(2) Affiliates of SAMSUNG Data Exporter or SAMSUNG Data Importer, for the same purposes,
(3) the Data Subjects themselves,
(4) third party service providers of SAMSUNG Companies, such as SAMSUNG Companies Business Partners and any other suppliers, advisers, research and financial organisations or other data processors, and their authorized personnel,
(5) Central and Local Government, and
(6) any person (natural or legal) or organization as may be required by law.
Storage limits:
Any employment-related SAMSUNG Companies Staff Data transferred will be stored during the term of SAMSUNG Companies Staff employment and for a reasonable period of time thereafter based on legitimate business considerations and in accordance with the requirements under local law, including compliance with laws and regulations, processing remaining payroll or bonus payments, and administration of benefits. The same will apply to SAMSUNG Companies Business Partners Data
DATA FLOWS[E7]
|
|
| ||||||||||
|
|
|||||||||||
|
|
|||||||||||
|
|
|||||||||||
|
System |
Function |
Data Categories |
Usage |
End User |
Flow Path |
Storage |
Integration point of time |
|
ApMS- Application Monitoring System |
Monitoring enterprise's SCM-related KPI (Key Performance Indicators) to check the operation level of 7 important SCM systems |
User registration and access information(name, department name, MySingle email, day and time of last connection, IP address of last connection) |
to manage access data for security and analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
CMS-Contents Management System |
Collects and manages content (manuals, product information
etc) related to service and marketing area |
1) Employee's Details (Name, Department, Name, Position, email,
Phone Number) |
1) user authentication and payment, mailing service |
1) system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
EAMS - |
Enterprise Architecture management system to provide IT
strategy, principles, standards and governance about |
User information(Mysingle id, User name, Department, Name,
Company Code, Company Name, |
to manage EAMS users |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
IRP - Information Resource Planning |
Managing the lifecycle of enterprise information systems in all areas like investment, projects, performance, assets, cost and human resources |
Employee's access Information(Day and time of last connection, MySingle ID, IP, Name, singleid, Position, Department Name, Division, Company) |
to analyze the level of usage of the system |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
IT-VOC |
Managing employee's suggestions(VOC) for improvement about all enterprise systems |
1)Employee's access information (ID ,Division, Subsidiary,
Department, Name, Name, Position, IP, Day and time of last connection) |
1)to manage access data for security and analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
myDMS - Document Management System |
Management system of approval/general documents generated in MySingle system for SEC employees |
Employee's Information(Name,Position Level Code,Company Name,Company Code,Department Name,Department code,Department Name(English),Name(English),E-mail) |
to manage access rights |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
WTN - Worldwide Trading Network |
Supporting real-time transaction of purchase/sales data(purchase order, sales order etc) between SEC HQ and branches |
Employee's information (Name, Email, Subsidiary) |
to send E/W mySingle mails to each work groups on occasion of occurrence of PO-SO discrepancy |
persons in charge of PO/SO management, account managers |
Direct from employee to server based in |
Hosted on Server(HQ, |
2010.01 |
|
GCMS - Global Credit Management System |
Provides information related to risk hedging to prevent risk about A/R (account receivable) of SEC HQ and subsidiaries |
Employee's access information(e.g. Name,Position,Department Name,Phone Number,MySingle ID,Email,Day and time of last connection) |
user authentication, security, payment, mailing system Admin |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
2010.01 |
|
GMPS - Global Management Planning System |
Managing every year's management planning(planned the year before) of overseas subsidiaries |
1)Employee's access information(Day and time of last
connection, MySingle ID, IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
2010.01 |
|
GSMS - Global Sample Management System |
Supports receipt/issue/inventory management of product samples over all subsidiaries |
Employee's access information(Name,Position,Department Name,Phone Number,MySingle ID,Email,Day and time of last connection) |
user authentication, security, payment, mailing system Admin |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
2010.01 |
|
GBIS - Global Business Intelligence System |
Reports integrated business information like sales/marketing costs/vendor margin/return costs, which collected from overseas information systems |
Employee's access information(User Name,Day and time of last connection, MySingle ID,Subsidiary,IP) |
user authentication and log analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
2010.01 |
|
SELP - Samsung electronics Export Logistics Portal |
Support sharing purchase-related information with business partner which is necessary for production subsidiaries to procure materials |
Employee(Person in charge of subsidiary claims) access information(MySingle ID, Department, Email, Date of last connection) |
security and management of current status of connection |
claim managers for subsidiaries |
Direct from employee to server based in |
Hosted on Server(HQ, |
2009.01 |
|
CIS - Code Information System |
Management system of enterprise master codes (product, material, model, components, and customers) |
1)Employee's Access Information(Day and time of last
connection, MySingle ID,Department Name,Phone Number,IP) |
1)to manage current status of connection for security and
analysis |
1)system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
S-MOLD(Mold Management System) |
Manages lifecycle(from approval to development and disposal) of molds developed in domestic and overseas |
1)Employee's Information(Name, Department Name,Position,
IP, Day and time of last connection, Menu path accessed,e-mail,) |
1)user authentication, user audit |
1)system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
Global MCM - Global Material Cost Management |
Provides analysis and reports about manufacturing cost and material for saving these costs |
Employee's access information(Day and time of last connection, MySingle ID,Department Name,IP) |
to manage current status of connection for security and analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
2010.01 |
|
V-Glonets Buyer |
supports procurement work of domestic/overseas subsidiaries such as supporting procurement of long-term delivery materials/short-term delivery materials and reporting procurement information |
1)Employee's access information(Day and time of last
connection, MySingle ID) |
1)security and management of current status of use |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
2010.01 |
|
Global SCM UI |
Provides visibility of core APS functions concerned with demand and supply of overseas sales/production subsidiaries |
Employee's access information(Day and time of last connection, MySingle ID,Name,Department Name,Position,Phone Number,e-mail,IP) |
to manage current status of connection for security and analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
SigmaPark |
Supports SEC 6sigma project management, 6sigma expert pool management, and management of education on 6sigma |
1)Employee's access information(Day and time of last
connection, MySingle ID,Department Name,Phone Number,IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
GCoA - Global Chart of Account |
Unify financial accounts of domestic/overseas subsidiaries |
Employee's information(Email, Phone Number, SubsidiaryCode) |
to manage registration of GCoA manager of subsidiaries |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
2010.01 |
|
SEGAM - SEC Global Accouting Manual |
Provides manuals about global financial accounting based on policies and standards |
1)Employee's access information (Day and time of last
connection, MySingle ID,IP) |
1)security and management of current status of system use |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
SENS - Samsung Electronics Nontrading System |
Records trade information about revenues and costs between HQ and subsidiaries and connects these records with financial statement |
1)Employee's access information(Day and time of last
connection, MySingle ID,IP) |
1)security and management of current status of system use |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
2010.01 |
|
Global Consolidation Package System |
Reports and Collects the final result in excel format about closing of accounts results audited by local inspector |
1)User access information(Day and time of last connection,
MySingle ID,IP) |
1)security and management of current status of system use |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
Global Fund Management System |
Provides information about operating financial funds of overseas subsidiary such as debt and balance between income and expenses calculated daily and monthly |
Employee's access information(Day and time of last
connection, MySingle ID,IP) |
for accessing web system and sending e-mails about financial funds information |
system administrators, financial accounting team in HQ and Overseas |
Direct from employee to server based in |
Hosted on Server(HQ, |
2010.01 |
|
GIMS - Global Inventory Management System |
Supports management of an adequate amount of inventory by providing special logic in head office and each subsidiary |
Employee's access information((Mysingle id) |
for accessing web system and inquiries for inventory data |
people authorized by subsidiaries |
Direct from employee to server based in |
Hosted on Server(HQ, |
2010.01 |
|
GMAS - Global Management Analysis System, |
Analyze financial management information of all subsidiaries by managing BS(Balance Sheet) and PL(Profit and Loss) chart |
Employee's access information(MySingle ID) |
for accessing web system and inquiries for management information |
people authorized by subsidiaries |
Direct from employee to server based in |
Hosted on Server(HQ, |
2010.01 |
|
CS-NET (CS |
A portal system consists of 11 web systems related to product quality |
1)Employee's access information(Day and time of last connection,
MySingle ID,Department Name,Phone Number,IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
Megasys (CS |
A planning system which supports forecasting demand of service materials in logistics, Supports delivery of materials to the exact location and in optimal time-span. |
Employee's access information (Userid, passwd, Division) |
demand forecast |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
GSDW - Global Service Information Portal |
management system of key indicators in quality, service, education, and contents areas for overseas service subsidiaries |
1)Employee's access information(Day and time of last
connection, MySingle ID,Department Name,Phone Number,IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
2010.01 |
|
SVOC (CS |
integrates VOC data submitted through phone, e-mails, websites, internal systems, etc. and provides the data to requesting divisions |
1)Employee's access information(Day and time of last
connection, IP,Numbers of connection) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
Invest(GMO) |
Analyze and Manage overseas marketing investment (planning/execution/performance) of HQ, subsidiaries and branches related to overseas marketing business |
Employee's access information(MySingle ID,Department Name,email,Name) |
management of user authorization and current status of connection for security/analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
mNet(GMO) |
Global Marketing portal system which analyse information on marketing, sales in global market |
User registration information (Name, Email, Department, Position, IP, Phone Number, Day and time of last connection) |
current status management for user analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
GCIC (GMO) |
Collects global customer information and analyzes propensity to consume of each customer in each country or product |
1)Employee's access information(Day and time of last
connection,MySingle ID,Department Name,IP) |
1)security and management of current status of connection |
1)system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
GEMS (GMO) |
Sending emails to target customers for marketing and trace/analyze the feedback |
1)Employee's access
information(Day and time of last connection,MySingle ID,Department Name,IP) |
1)security and management of current status of connection |
1)system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
Design Project Management System |
Managing lifecycle of design development projects |
1)Employee's information (Name,Department Name, ,Position,email,Phone
Number) |
1)membership registration of the websites and management |
1)system administrators, members (to change personal
information) |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
mVOC.net( |
Mobile Communication Division's integrated management system of VOC data |
1)Employee's access information(Day and time of last
connection, MySingle ID,Department Name,IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
MD.Net( |
MD-NET (Mobile Design Information & Management
Network) |
Employee's information (Name,Department
Name,Position,email,Phone Number,Company) |
user authentication and mailing service, |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
MPS( |
Supports jobs related to mobile phone's specification (export, additional accessories, wrapping, WAP) |
1)Employee's access information(Day and time of last
connection, MySingle ID,Department Name,Phone Number,IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
MISS( |
Mobile Communication Division's marketing portal - Integration and Analysis of marketing contents |
Employee's access information(Day and time of last connection, MySingle ID,Department Name,Phone Number,IP) |
for inquiries for contents of mobile phone products |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
AnySVC mobile(Mobile) |
Provide overseas service centres with tips for repairing mobile phones |
User access information(Day and time of last connection, MySingle ID,Department Name,Phone Number,IP) |
management of user and current status of connection |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
SPDM (VD) |
Computerize jobs throughout all process from product planning, development to manufacturing release, and Used in head office and overseas offices |
Employee's registration and access information (Name, Email, Position, Department Name, MySingle ID, Day and time of last connection, User IP address) |
management of user and current status of connection for security/analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
DM Portal (DM) |
Integrated management system of portal sites of DigitalMedia Division |
1)User information (Position,Department Name,Phone
number,MySingle ID) |
1)user authentication and setting access rights, mailing
service |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
|
A portal system for |
.Employee's information(Position,Department Name, Phone
Number, Single ID) |
to manage current status of connection for security and analysis, user authentication, approval, mailing service |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
APS-MP (VD) |
An SCM system which supports production planning that complies with real demand |
Employee's access information(MySingle ID,Name,Position,email, Department Phone Number) |
user authentication and payment, mailing service |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
VISS-Net (System Appliance) - VOC |
Collects VOC about products produced by System Appliance Division to include the VOC in planning and developing stage |
User access information(Name,Department Name,Position,Email,Phone Number,IP,Day and time of last connection) |
user authentication and management of current status of connection for security |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
MIDAS (LCD) |
Analyze raw data generated by MES, SCM, ERP in LCD HQ |
1)User access information(Day and time of last connection,
IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
S-Focus (LCD) |
Integrated management system about RMA (Return material authorization) process from customer's request to repair in LCD Divison |
1)User access information(Day and time of last connection,
IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
SPDM for LCD (LCD) |
Computerize jobs throughout all process from product planning, development to manufacturing release, and Used in head office and overseas offices |
Employee's registration and access information (Name, Email, Position, Department Name, MySingle ID, Day and time of last connection,ip) |
management of user and current status of connection for security/analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
DEX(CTO)- Data convert system |
Supports CAD data exchange between internal developers and collaborative partners |
.Employee's information (Name, Company, Department
Name,Position,email,Phone Number) |
user authentication and payment, mailing service |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
|
Portal site sharing R&D knowledge in Corporate Technology Operations Division |
Employee's information (Name,Department Name,Position,email) |
user authentication and payment, mailing service |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
APS-DP (Semiconductor) |
Semi-conductor Division's SCM system, and forecasts demand on sales |
Employee's information (Name,Department Name,Position,email,Phone Number) |
user authentication and payment, mailing service |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
Development Workplace (Memory) |
System for managing and integrating processes and data on product development lifecycle |
User access information(Day and time of last connection,IP) |
to manage current status of connection for security and analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
TIPS (SYS.LSI) |
Provides total business information like sales, KPI, marketing areas for System LSI Division |
1)User access information(Day and time of last connection,
MySingle ID,Department Name,Phone Number,IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
TOBIS (Memory) |
Provides total business information of Memory Divison , collects data such as sales/production/inventory/costs/management plan from many different systems, and analyze them in report and chart format |
1)User access information(Day and time of last connection,
MySingle ID,Department Name,Phone Number,IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
Customer Workplace (Semiconductor) |
Supports customer collaboration within Semi-conductor Division |
Employee's access information (Day and time of last connection, MySingle ID,Department Name,Phone Number,IP) |
user authentication |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
SAP (Semiconductor) - Sales and Order Management |
Semi-conductor Division's ERP system which manages the whole sales-related work such as receiving orders/shipping/billing |
1)User access information(Day and time of last connection,
MySingle ID,Department Name,Phone Number,IP) |
1)to manage current status of connection for security and
analysis |
1)system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
2009.01 |
|
Buyer workspace (website) |
to manage key subjects to help business partner strengthen the competitiveness as partner |
User information(Company code, User name, phone
number,email) |
to send email to person in charge of procurement in
business partner, |
employee in charge of procurement |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
APS Management System(KAIS) |
Manages KPI for SCM |
User access information(Day and time of last connection, MySingle ID,Department Name,Phone Number,IP) |
to manage current status of connection for security and analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
DC&P System |
Dealing with laws about Finance and accounting |
1)User access information(Day and time of last connection,
MySingle ID, IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
OSCL (Network) |
Issues License key for OfficeServ CTI S/W |
1)User access information(Day and time of last connection,
MySingle ID, Department Name, Phone number, IP) |
1)to manage current status of connection for security and
analysis |
Distributor Master and Operator |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
GSBN - Global Samsung Business Network |
Supports collaboration between SEC branches/subsidiaries and external business partners in SCM, PRM, Marketing areas |
1)User access information(Day and time of last connection,
MySingle ID,Department Name,Phone Number,IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
SSeMS - Supplier e-Management System |
Managing lifecycle( from registration to evaluation, termination of contract) of business partners as collaborative company, over all domestic and overseas |
1)User access information(Day and time of last connection,
MySingle ID,Department Name,Phone Number,IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
e-HMS (CS |
Registers and checks whether the materials contain toxic substances to comply with the regulation, RoHS, which EU prohibits importing of products containing toxic substances |
1)Employee's access information(Day and time of last
connection, MySingle ID,Department Name,Phone Number,IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
STELS (CS |
integrated online training system for global service engineers and contact center counselors |
1)User access information(Day and time of last connection,
ID ,IP) |
1)to manage current status of connection for security and
analysis |
1)system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
SQCI - Supplier Quality Control Innovation |
quality monitoring system of products produced by partners |
1)Employee's access information(Day and time of last
connection, MySingle ID,IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
Qnet (Network)- Quality Network |
Service management system about products released by Network division, supports pending issue and unsolved problems that is needed to request development department to solve |
1)Employee's access
information(Day and time of last connection,MySingle ID,Department Name,Phone
Number,IP) |
1)to manage current status of connection for security and
analysis |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
prins (Printing) |
Supports management and effective use of key knowledge in
Printing division |
Employee's access information(Name, Position, email, Phone Number, Day and time of last connection, IP of last connection) |
membership registration for the website, |
System administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
Smart-HA (System Appliance) |
System Appliance Division's system for sharing product-related information between head office employees and PMs and local employees of overseas subsidiaries and branches |
1)Employee's information (Name, Subsidiary,Department Name,Position,email,Phone Number, Role) |
1)membership registration of the websites and management |
1)system administrators, members (to change personal information) |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
CPCex (CTO) |
Supports collaboration of GBM, overseas subsidiaries, partners and Labs in development |
Employee's information (Name,Department Name,Position,email) |
user authentication and payment, mailing service |
system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
E-sourcing system |
Support sourcing agreement for procurement from business partner |
Employee's information( email, phone number) |
to have cooperative relationship as business partner with new partner |
employee in charge of procurement |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
eGLS - e Global Logistics System |
Provides enterprise standard process about logistics area and manages performance and KPI about logistics |
1)Employee's access information(Day and time of last connection,MySingle ID,Department Name,Phone Number,IP) |
1)to manage current status of connection for security and analysis |
1)system administrators |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
GHR - Global HR management system |
Overseas personnel management system |
Employee's profile (Name,Department Name,Position, Roles, Academic background, Career, Address, email, hired/retired date, Date of birth, sex, Phone Number, Salary, Performance review record, Training history), User login information |
to use statistical data of HR information |
system administrators, HRM team members, authorized people in subsidiaries (HR managers for main office/GBM, resident employees in overseas HQs, and people employed by subsidiaries) |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
GHRS - Global HR system(DW) |
SEC HR(human resources) DataWarehouse that collects data related to human resources of head office, overseas subsidiaries |
Employee's profile (Name,Department Name,Position,Roles, Academic background, Career, Address, email, hired/retired date, Date of birth, sex, Phone Number, Salary, Performance review record, training history) |
to use statistical data of HR information |
system administrators, HRM team members, authorized people in subsidiaries (HR managers for main office/GBM, and resident employees in overseas HQs) |
Direct from employee to server based in |
Hosted on Server(HQ, |
- |
|
MyProject- Project Mana |
1)Supports development projects of Mobile Devision |
1)Employee's registration information (MySingle ID, Name, Department Name, Phone
Number, Email) |
1)user authentication and payment, mailing service |
system administrators,B2B partners, persons in charge of partners |
Direct from employee to server based in |
Hosted on Server (HQ, |
- |
|
syncsight (VD) - https://w |
Sharing marketing information with B2B users and VD division's subsidiaries related to VD division |
1)User access information(Day and time of last connection,
MySingle ID, Name, email, Country,Subsidiary) |
1)to manage current status of connection for security and
analysis |
system administrators, administrators, persons in charge of partners |
Direct from employee to server based in |
Hosted on Server (HQ, |
- |
|
Corporate GWP System |
Supports corporate GWP(Great WorkPlace) activities |
Employee's profile (Name, Single ID, Position, Department
Name, Company Name,Data of birth, Sex, Roles, Working location, employee
status, Academic background) |
evaluation of GWP activities and user authentication |
employees in subsidiaries |
Direct from employee to server based in |
Hosted on Server (HQ, |
- |
|
|
| ||||||||||
|
|
|||||||||||
|
|
|||||||||||
|
|
|||||||||||
|
System |
Function |
Data Categories |
Usage |
End User |
Flow Path |
Storage |
Integration point
of time |
|
GSBN - Global Samsung Business Network |
Supports collaboration between SEC branches/subsidiaries and extenal business partners in SCM, PRM, Marketing areas |
Business Partners(Collaborative company) Details(Company name, Phone Number,Representative person,email, Address) |
1)to manage
current status of connection for security and analysis |
system administrators, B2B partners, persons in charge of partners |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
SSeMS - Supplier e-Management System |
Managing lifecycle( from registration to evaluation, termination of contract) of business partners as collaborative company, over all domestic and overseas |
Business Partners(Collaborative company) Details(Company name,Phone Number, Representative Person of company,email, Address) |
1)to manage
current status of connection for security and analysis |
system administrators, B2B partners, persons in charge of partners |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
e-HMS (CS |
Registers and checks whether the materials contain toxic substances to comply with the regulation, RoHS, which EU prohibits importing of products containing toxic substances |
Business Partners(Collaborative company) Details(Company name,Phone Number,Representative person,email, Address) |
1)to manage
current status of connection for security and analysis |
system administrators, B2B partners, persons in charge of partners |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
STELS (CS |
integrated online training system for global service engineers and contact center counselors |
Business partner's information in charge of repair service(Company Name,Phone Number,Representative person,email, Address) |
1)to manage
current status of connection for security and analysis |
system administrators,education managers for subsidiaries |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
SQCI - Supplier Quality Control Innovation |
quality monitoring system of products produced by partners |
Business Partners(Collaborative company) Details(Company Name,Phone Number,Name of president,email, Address) |
1)to manage
current status of connection for security and analysis |
system administrators, B2B partners, persons in charge of partners |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
Qnet (Network)- Quality Network |
Service management system about products released by Network division, supports pending issue and unsolved problems that is needed to request development department to solve |
1)Personal's
information (Email,ID,Name,Department Name,Position, Company phone number,
Cell phone number) |
1)to manage
current status of connection for security and analysis |
1)system
administrators |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
prins (Printing) |
Supports
management and effective use of key knowledge in Printing division |
reseller information (Company name,Phone Number,email, ID) |
membership
registration for the website, |
- system
administrators |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
Smart-HA (System Appliance) |
System Appliance Division's system for sharing product-related information between head office employees and PMs and local employees of overseas subsidiaries and branches |
Business Partners(Collaborative company) Details(Company name, Name of president,Phone Number,email,Address, Subsidiary,Person's name of contact) |
1)membership
registration of the websites and management |
1)system
administrators, members (to change personal information) |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
CPCex (CTO) |
Supports collaboration of GBM, overseas subsidiaries, partners and Labs in development |
B2B company information (Name,Department Name,Position,email) |
user authentication and payment |
system administrators |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
E-sourcing system |
Support sourcing agreement for procurement from business partner |
Business partner information (Address, Representative Person, Representative Person's birthday, email, phone number) |
to have cooperative relationship as business partner with new partner |
employee in charge of procurement and person in business partner |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
ERMS-Email Response Management System |
Enterprise WEB system for integrated management of e-mails from customers submitted through externally opened websites |
call center communication infomation with B2C custo |
counselling and customer analy |
|
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
OnLine Customer DB |
Manages B2C and B2B online users' LDAP, authorization, membership by using Data encryption technology |
1)Business
Partners(Collaborative company) Details(Company code, Company name, User
Name, Phone Number, , email, Address) |
1)for total
management of customer information of B2B partners |
1)B2B partners,
persons in charge of partners |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
WMC - |
Provide policies and guidelines about web design and infrastructure for planning and developing enterprise websites |
User access information(User ID with B2B authenticat |
to manage access data |
system administrators |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
ITTS - Intransit Tracking System |
Tracking the progress of goods while being shipping from head office/production subsidiaries to Sales/logistics subsidiaries |
1)User access
information(Day and time of last connection, ID,Phone Number,IP) |
1)user
authentication and mailing service |
system administrators |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
V-Glonets Supplier |
supports domestic/overseas subsidiaries to collaborate with partners in procurement area |
Business Partners(Supplier company) Details(Compa |
for sending e-mails to people w |
system -> B2B partners |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
SLPS - Samsung Local Procurement System |
Support sharing purchase-related information with business partner which is necessary for production subsidiaries to procure materials |
Business Partners(Supplier company) Details(Compa |
for sending e-mails to people w |
system -> B2B partners |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
Global PR Database |
Shares head office's PR strategy, guidelines and main activities on multimedia with PR managers in global subsidiaries, branches and overseas agencies |
User registration and access information(Day and ti |
membership registration of the |
system administrators, members (to change personal information) |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
GICOS (VD) |
Supports billing of repair charge and payment that service company repairing TV/Monitor requests overseas |
Business Partners(Collaborative company) Details(Co |
for total management of custom |
B2B partners, persons in charge of partners |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
GPS (VD) - WEB Service |
Supports free exchange and controlling inventory of Monitor panel overseas |
Business Partners(Collaborative company) Details(Co |
for total management of custom |
B2B partners, persons in charge of partners |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
WISE (Computer) |
Supports global
self-service on computer products |
Business partner's information in charge of repair service(Company Name,Phone Number,Representative person,email, Address) |
user authentication and mailing s |
persons in charge of partners |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
syncsight (VD) - https://www.syncsight.com |
Sharing marketing information with B2B users and VD division's subsidiaries related to VD division |
Business Partners(Collaborative company) Details(Company name,Phone Number,email, Name,Position) |
1)to manage
current status of connection for security and analysis |
system administrators, administrators, persons in charge of partners |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
AV Online Service
Management System (AV) |
Global website for advertising MP3 products and cultivating mania groups |
B2C personal customer information (Name,Address,e |
membership registration of the |
system administrators, members (to change personal information) |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
Samsung System Aircon (System Appliance) |
An external site for advertising products, electronic system air conditioner |
User Access Information (Name, Email,country,Date o |
user authentication and control |
system administrators |
Direct from
person(Non-employee) to server based in |
Hosted on Server (HQ,
| |
|
c-Dance |
Semi-conductor Division's B2B system which supports collaboration with customers in a series of work from purchase request to shipping by using RosettaNet (International standard for e-commerce) technology |
User information(ID, Password, e-mail, Company, De |
information for analysis of user-l |
system administrators |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
WEB Site for |
SEC European
website |
1)Business
partners(collaborative company)'s information (Company name, Phone Number,
Representative person,Address, Homepage address,email) |
1)request from
Semi-conductor subsidiary (for statistical analysis) |
1)customer
companies, partners |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
Supplier portal (website) |
Portal system for procurement between Samsung and Business partner |
Business Partner
information(Company code, User name, Phone number,email) |
to send email to
person in charge of procurement in business partner, |
person in charge of procurement in business partner |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
GRMS-Returned goods Management System |
Define standard process for returning goods, monitor returned goods approval status and delivery information |
Buyer(company) information (Company name,Phone N |
for registration of returned good |
subsidiaries, 3PL,
Buyer, ASC |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, | |
|
MyProject- Project
Management System( |
1)Supports
development projects of Mobile Devision |
Business Partners(Collaborative company) Details(Company name,Phone Number,Representative person,email, Address) |
1)user
authentication and payment, mailing service |
system administrators,B2B partners, persons in charge of partners |
Direct from
person(Non-employee) to server based in |
Hosted on Server
(HQ, |
|
|
| ||||||||||||||||||||
|
| |||||||||||||||||||||
|
System |
Function |
Data Categories |
Usage |
End User |
Flow Path |
Storage |
Integration point
of time | ||||||||||||||
|
GTMS - Global Treasury management System |
Manage overseas subsidiaries' cash flow and standardize overseas subsidiaries' Treasury business |
Employee's information (Name, Department Name,Position,Email,Phone Number) |
to do approval service and to manage current status of connection for security and analysis |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
GSPN( |
Supports repairing service of external service company and provides functions such as download service manuals, drivers, user manuals |
1)User access
information(Day and time of last connection, IP, Count of connection) |
1)to manage
current status of connection for security and analysis |
system administrators, ASC managers |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
STLS - Samsung Trading & Logistics System |
Automation system about trading and logistics between subsidiaries and collaborative partners such as banks, 3PL, insurance companies and shipping companies |
B2B customer information (Address, Phone Number) |
to provide information on partners related to logistics, included in EDI documents |
partners related to logistics, 3PL |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
Campaign Designer |
Supports planning/execution/analysis of campaigns through emails |
1)User access
information(Day and time of last connection,MySingle ID,Department Name,IP) |
1)security and
management of current status of connection |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SFC (Europe) - |
To Popularize Samsung Mobile Phone &SFC website. To download Ringtones, Screensavers, wallpapers etc. |
1)User access
information(Day and time of last connection,MySingle ID,Department Name,IP) |
1)security and
management of current status of connection |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SFC (SEBN) - |
To Popularize Samsung Mobile Phone &SFC website. To download Ringtones, Screensavers, wallpapers etc. |
1)User access
information(Day and time of last connection,MySingle ID,Department Name,IP) |
1)security and
management of current status of connection |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SFC (SEBN) - |
To Popularize Samsung Mobile Phone &SFC website. To download Ringtones, Screensavers, wallpapers etc. |
1)User access
information(Day and time of last connection,MySingle ID,Department Name,IP) |
1)security and
management of current status of connection |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SFC (SEF) - |
To Popularize Samsung Mobile Phone &SFC website. To download Ringtones, Screensavers, wallpapers etc. |
1)User access
information(Day and time of last connection,MySingle ID,Department Name,IP) |
1)security and
management of current status of connection |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SFC (SEG) - |
To Popularize Samsung Mobile Phone &SFC website. To download Ringtones, Screensavers, wallpapers etc. |
1)User access
information(Day and time of last connection,MySingle ID,Department Name,IP) |
1)security and
management of current status of connection |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SFC (SEI) - |
To Popularize Samsung Mobile Phone &SFC website. To download Ringtones, Screensavers, wallpapers etc. |
1)User access
information(Day and time of last connection,MySingle ID,Department Name,IP) |
1)security and
management of current status of connection |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SFC (SENA) - |
To Popularize Samsung Mobile Phone &SFC website. To download Ringtones, Screensavers, wallpapers etc. |
1)User access
information(Day and time of last connection,MySingle ID,Department Name,IP) |
1)security and
management of current status of connection |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SFC (SEOL) - |
To Popularize Samsung Mobile Phone &SFC website. To download Ringtones, Screensavers, wallpapers etc. |
1)User access
information(Day and time of last connection,MySingle ID,Department Name,IP) |
1)security and
management of current status of connection |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SFC (SEP) - |
To Popularize Samsung Mobile Phone &SFC website. To download Ringtones, Screensavers, wallpapers etc. |
1)User access
information(Day and time of last connection,MySingle ID,Department Name,IP) |
1)security and
management of current status of connection |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SFC (SESA) - |
To Popularize Samsung Mobile Phone &SFC website. To download Ringtones, Screensavers, wallpapers etc. |
1)User access
information(Day and time of last connection,MySingle ID,Department Name,IP) |
1)security and
management of current status of connection |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SFC (SEUK) - U.K |
To Popularize Samsung Mobile Phone &SFC website. To download Ringtones, Screensavers, wallpapers etc. |
1)User access
information(Day and time of last connection,MySingle ID,Department Name,IP) |
1)security and
management of current status of connection |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
WEB Site for
Europe HQ |
SEC European
website |
1)Purchasing
information of B2C personal customers (Name, Date of birth, Address, Email, Phone Number, product purchased,
time and place of purchase) |
1)to collect the
customer's history of product purchase |
system administrators, marketing managers, applicants, recruiting managers |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
CRM-CIC ( |
Manages works of service contact center such as dealing with VOC, and monitoring the progress of settlement |
information with B2C personal customers (Name,Address,Email,Products purchased) |
to analyze customers and to deal with provision of services |
system administrators, contact center managers |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
CRM-CM |
. Collects
customer data |
1)User access
information(Day and time of last connection, MySingle ID,Department
Name,Phone Number,IP) |
1)to manage access
data for security and analysis |
1)system
administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
e-Office ( |
Supports office automation of subsidiaries |
1)User access
information(MySingle ID, Password, Date of last connection) |
1)to manage
current status of connection for security and analysis |
1)system
administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
RDW ( |
Accumulates subsidiaries' management information data such as sales and financial information and Provides these data to other web sites |
User access information(User Name,Day and time of last connection, MySingle ID,Subsidiary Code, User IP of last connection) |
user authentication and log analysis |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server in
| |||||||||||||||
|
SIMS ( |
Work portal system
for employees in overseas subsidiaries |
User access information(Day and time of last connection, MySingle ID,User IP of last connection) |
log-in data to analyze logs |
system administrators, SIMS administrators for subsidiaries |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
APS-FP (SEH) |
Manages schedule about production plan of production subsidiaries in global SCM |
User Access Information(user,password,User IP of last connection) |
user authentication |
system administrators, production managers |
Direct from Admin to server based in Country(EU) |
Hosted on Server in SEH subsidiary | |||||||||||||||
|
APS-FP (SESK) |
Manages schedule about production plan of production subsidiaries in global SCM |
User Access Information(user,password,User IP of last connection) |
user authentication |
system administrators, production managers |
Direct from Admin to server based in Country(EU) |
Hosted on Server in SESK subsidiary | |||||||||||||||
|
Global MES (SEH) |
Support manufacturing execution which deliver information enabling the optimization of production activities from order launch to finished goods, and provides functions such as resource allocation, dispatching production units, data collection/acquisition, quality management, performance analysis, operations/detail scheduling and labor management, etc. |
User access information(Day and time of last connection, MySingle ID,Department Name,Phone Number,User IP of last connection) |
to manage current status of connection for security and analysis |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server in SEH subsidiary | |||||||||||||||
|
Global MES (SESK) |
Support manufacturing execution which deliver information enabling the optimization of production activities from order launch to finished goods, and provides functions such as resource allocation, dispatching production units, data collection/acquisition, quality management, performance analysis, operations/detail scheduling and labor management, etc. |
User access information(Day and time of last connection, MySingle ID,Department Name,Phone Number,User IP of last connection) |
to manage current status of connection for security and analysis |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server in SESK subsidiary | |||||||||||||||
|
SAP SVC (ECC) |
ERP system which supports sales process about supplying service material to external company serving repairing service in Europe |
User Access Information(Day and time of last connection, ID, Department Name) |
to analyze access data |
system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SAP (SEBN) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
User
Information(ID, Name, Department Name, Role, Company, Position, Company Phone
Number, Company Fax Number, Email) |
to do ERP work |
employees in subsidiaries and of warehouse companies |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SAP (SEF) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
Company Name, Dept, Position, Company address |
basic system for the subsidiaries (for understanding status of sales, profit-and-loss, inventory, etc) |
employees in SEF subsidiary ,system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
partner.samsung
(SEG) - |
Supports collaboration with partners , provides detailed product information and manages partner's points according to trading increases |
Business partner Details(Name, Company Name, Phone Number) |
Business partners, employees in subsidiaries |
Hosted on Server
in | |||||||||||||||||
|
SAP (SEG) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
User Information(ID, Name, Department Name, Role, Company) |
to do ERP work |
employees in subsidiaries and of warehouse companies,system administrators ,system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
STARLIGHT (SEG) |
Manages reseller sell-in and sell-out, pays incentive and provides community function |
User
Information(ID, Name) |
employees in subsidiaries |
Hosted on Server
in | |||||||||||||||||
|
Country Web Site
(SEG) - |
websites for advertizing the products/services/marketing to customers |
User Information(ID, Name), |
general users |
Hosted on Server
in | |||||||||||||||||
|
SAP (SEH) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
User
Information(ID, Name, Department Name, Role, Company, Position, CompanyPhone
Number, CompanyFax Number, EmailAddress) |
to do ERP work |
employees in subsidiaries and of warehouse companies ,system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SAP (SELS) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
User
Information(ID, Name, Department Name, Role, Company, Position, CompanyPhone
Number, CompanyFax Number, EmailAddress) |
to do ERP work |
employees in subsidiaries and of warehouse companies,system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SAP (SENA) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
User
Information(ID, Name, Department Name, Role, Company, Position, CompanyPhone
Number, CompanyFax Number, EmailAddress) |
to do ERP work |
employees in subsidiaries and of warehouse companies,system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SAP (SEP) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
User
Information(ID, Name, Department Name, Role, Company, Position, CompanyPhone
Number, CompanyFax Number, EmailAddress) |
to do ERP work |
employees in subsidiaries and of warehouse companies,system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SAP (SESA) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
User Access Information(Day and time of last connection), Customer Details(Company name,Address,Phone Number) |
to do ERP work |
account/management, AR, Order desk, sales users,system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SAP (SESK) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
User
Information(ID, Name, Department Name, Role, Company, Position, CompanyPhone
Number, CompanyFax Number, EmailAddress) |
to do ERP work |
employees in subsidiaries and of warehouse companies,system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SAP (SEUK) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
User
Information(ID, Name, Department Name, Role, Company, Position, CompanyPhone
Number, CompanyFax Number, EmailAddress) |
to do ERP work |
employees in subsidiaries and of warehouse companies,system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SAP (SEHG) |
SEHG's ERP system which supports FI/CO related work |
User
Information(ID,Name, Department Name,Role, Company,Position,CompanyPhone
Number,CompanyFax,Email) |
to do ERP work |
employees in subsidiaries and of warehouse companies,system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SAP (SSEG) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
User
Information(ID,Name,Department Name,Role,Company,Position,CompanyPhone
Number,CompanyFax Number,Email) |
to do ERP work |
employees in subsidiaries and of warehouse companies,system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SAP (SSEL) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
User
Information(ID,Name,Department Name,Role,Company,Position,CompanyPhone
Number,CompanyFax Number,Email) |
to do ERP work |
employees in subsidiaries and of warehouse companies,system administrators |
Direct from Admin to server based in Country(EU) |
Hosted on Server
in | |||||||||||||||
|
SAP (SEAG) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
User
Information(ID, Name, Department Name, Role, Company, Position, CompanyPhone
Number, CompanyFax Number, EmailAddress) |
to do ERP work |
employees in subsidiaries and of warehouse companies,system administrators |
Direct from Admin to server based in Country(EU) | ||||||||||||||||
|
SAP (SELSK) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
User Information(ID,
Name, Department Name, Role, Company, Position, CompanyPhone Number,
CompanyFax Number, EmailAddress) |
to do ERP work |
employees in subsidiaries and of warehouse companies,system administrators |
Direct from Admin to server based in Country(EU) | ||||||||||||||||
|
SAP (SEPOL) |
ERP system which supports subsidiaries' sales, purchasing, accounting, logistics |
User
Information(ID, Name, Department Name, Role, Company, Position, CompanyPhone
Number, CompanyFax Number, EmailAddress) |
to do ERP work |
employees in subsidiaries and of warehouse companies,system administrators |
Direct from Admin to server based in Country(EU) | ||||||||||||||||
|
|
| ||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||
|
From System |
To System |
Function |
Data Categories |
Usage |
End User |
Flow Path |
Storage |
Integration point
of time |
|
MySingle |
MySingle |
Enterprise Intranet System providing functions and contents such as mailing, approval, board, or links to company's internal systems |
Employee's Profile (Fullname,Surname,First Name,Fullname(English),Surname(English),First Name(English),Sex, Subsidiary Company Code,Subsidiary Company Name,Subsidiary Company Name(English),Department Code,Department Name,Position Level Code,Position Level Name,Company Address,Language,an executive person or not,maximum file size the person can attach,natives or not,Security Level ,User Level ,employee status (in office, retired,temporarily not working),Date of Birth) |
to support mailing service between employees as Samsung intranet system |
group intranet users, managers of each affiliates and group |
Direct from
employee to server based in |
Hosted on
Server(HQ, | |
|
SAP |
GHR - Global HR management system |
Overseas personnel management system |
Employee's profile (Name,Department Name,Position, Roles, Academic background, Career, Address, email, hired/retired date, Date of birth, sex, Phone Number, Salary, Performance review record, Training history), User login information |
to use statistical data of HR information |
system administrators, HRM team members, authorized people in subsidiaries (HR managers for main office/GBM, resident employees in overseas HQs, and people employed by subsidiaries) |
Data Interface
from Server in Country to Server in |
Hosted on Server
(HQ, | |
|
SAP |
GHRS - Global HR system(DW) |
SEC HR(human resources) DataWarehouse that collects data related to human resources of head office, overseas subsidiaries and child companies |
Employee's profile (Name,Department Name,Position,Roles, Academic background, Career, Address, email, hired/retired date, Date of birth, sex, Phone Number, Salary, Performance review record, training history) |
to use statistical data of HR information |
system administrators, HRM team members, authorized people in subsidiaries (HR managers for main office/GBM, and resident employees in overseas HQs) |
Data Interface
from Server in Country to Server in |
Hosted on Server
(HQ, | |
|
SAP |
eGLS - e Global Logistics System |
Provides enterprise standard process about logistics area and manages performance and KPI about logistics |
1)Employee's
access information(Day and time of last connection,MySingle ID,Department
Name,Phone Number,IP) |
1)to manage
current status of connection for security and analysis |
1)system
administrators |
Data Interface
from Server in Country to Server in |
Hosted on Server
(HQ, |
APPENDIX III
TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES[E8]
INTRODUCTION
It is the policy of Samsung Electronics (called hereafter "COMPANY") and its subsidiaries to pursue technical and organizational security measures substantially consistent with the processes described in this Appendix III as adjusted and evolved by COMPANY from time to time (the "COMPANY Measures"). The degree to which the COMPANY Measures are implemented with respect to any particular location or system will depend on several factors. The business environment in which COMPANY operates is very dynamic, driven to a great extent by the requirements of its clients. In addition, as a result of changes in COMPANY operations and the acquisition of other businesses on a continuing basis, at any point in time there may be business units, divisions, or subsidiaries of COMPANY that have not yet fully implemented the COMPANY Measures but are in the process of evolving to a business model more consistent with the COMPANY Measures. The deployment and adjustment of the COMPANY Measures will continue as part of the continuing development of COMPANY' business and the integration of COMPANY business acquisitions. Description of various elements in the COMPANY Measures does not mean COMPANY has been contracted by its client to provide such elements on behalf of the client, which will be determined in each case by the services agreement in effect between COMPANY and its client. With respect to each of its clients, implementation of the COMPANY Measures will be done in accordance with the practices and policies established by COMPANY and the client.
I. TECHNICAL SECURITY MEASURES
1. Authentication
1.1 COMPANY' standard authentication process requires use of User IDs and passwords for access to the COMPANY network and for access to different systems and applications within the COMPANY network. The User ID and password pair is a common form of authentication credentials. Each user of COMPANY information systems is issued individual, unique authentication credentials. COMPANY issues User IDs only upon adequate validation of the person's existence and business need. COMPANY issues User IDs and passwords in a secure manner. Where deemed necessary, users are required to change passwords when they first logon using the new password.
The company informs users that it is their responsibility to protect the confidentiality and availability of their authentication credentials. Users are required to change their passwords for access to the COMPANY network periodically. Requirements with regard to length and form of passwords are set out in the appropriate COMPANY security directive, as amended from time to time. A standard COMPANY user logon has a preset number of invalid logon attempts prior to locking the account out and requiring administrative intervention for system access. COMPANY further records information about accesses to the COMPANY network under a User ID, including date, time, length, and nature of access.
1.2 COMPANY requires strong authentication credentials through use of strong access controls and/or dual authentication in certain circumstances that COMPANY has determined to involve access to more sensitive systems and applications, or access to the COMPANY network under more sensitive circumstances. COMPANY currently requires strong authentication process for all remote access and for all "privileged administrator access" to selected COMPANY systems that contain critical data and/or access that involves network, system or application administrative responsibilities.
1.3 COMPANY applies encryption technologies during the transmission of authentication credentials over an COMPANY internal network, provided that such application is required for the protection of the credentials over an internal COMPANY network. All external, or internet based authentication including authentication data (password) being stored on a database is encrypted.
2. Access Control
2.1 COMPANY has in place technical measures that limit access of users of the COMPANY network to: (i) systems and applications that the user needs in order to perform the user's job functions, and (ii) the functions that can be performed once access is granted. These measures are accomplished through software programs and operating system administrative tools that enable COMPANY network administrators to create, modify, and delete access authorizations. COMPANY network, systems and applications administrators are typically specialized in that function and work from an objective set of requirements.
2.2 COMPANY makes decisions concerning levels of access control based upon sensitivity of the applications and the information that can be accessed through those applications, associated levels of risk, and regulatory requirements. The scope of each employee's authorization is described in the databases or other recording mechanisms that contain the person's authorization profile. Data from each customer is kept separate from other customer data so that access to each set of data can be controlled. Therefore, each employee is able to access only limited data which is relevant to their job function.
2.3 There is a data security function within COMPANY that engages in daily monitoring of COMPANY network access and usage to determine whether authentication and access control measures are functioning properly, to test the functions, and to determine whether access authorizations are being exceeded or abused. COMPANY further has an internal audit function that periodically examines whether users have exceeded the permitted levels of network, system or application access contrary to COMPANY policies and standards.
3. Network Security
Communications networks operated by the COMPANY shall be separated from the internet by firewalls on contact points between the internet and the internal communications networks in order to prevent unauthorized intrusion by unidentified users and protect internal networks.
3. COMPANY employs a variety of additional security measures to prevent unauthorized access to the COMPANY network and abuses of authorized access. These include network access controls, including firewall technology, both hardware and software components, network intrusion detection technology, and encryption technology on a selected basis where appropriate. These technologies are reviewed in light of the latest technological developments and are periodically updated. COMPANY has a group of staff members within COMPANY ' information services department that are tasked with protecting, maintaining, and monitoring the security and integrity of the COMPANY network.
Server Security
All COMPANY systems or applications are protected by security equipments such as firewall, router and switch. COMPANY's security program checks security level of systems or server against the COMPANY security policy. IT staff monitors COMPANY security level continuously.
. COMPANY has in place business processes and the necessary software, hardware, and facilities to back-up data residing on the COMPANY network. These processes and technology features include manual and automated data backup procedures and redundant computer systems, Data Centers, power supplies, power sources, and telecommunications feeds.
. Physical Measures
.1 Access to Building Control
The technical equipment for data operations within the primary COMPANY data centre is located in a separate part of the data centre which is reinforced with solid walls. All entrances are closed with stable doors. The doors are locked at all times. The buildings are equipped with an alarm system and protected by security services to monitor unauthorized entry. Entrance and exit are supervised. All doors that give access to different areas of the data operations are equipped with electromagnetic locks and electronic door lock systems ("proximity-reader").
Access is given only to employees and contractors of COMPANY who are in the possession of a valid pass for an electronic door lock system bearing their photo. The electronic door lock systems installed at every door which separates the different areas of the data operations only gives access to the premises for those employees who are authorized to enter the specific area of data operation. Authorization has to be granted by responsible managers. The Corporate Security Department is responsible for handing out and collecting of electronic passes to all COMPANY employees. The responsible manager and corporate security examines whether a specific person's access to a particular area of data operations is necessary. Those examinations are carried out prior to issuance and periodically thereafter.
At the time of termination of a person's employment with COMPANY, the manager or other authorized person collects the former employee's electronic pass and Security blocks the particular pass within the electronic door lock systems. Additionally, processes are in place for the revocation of terminated employee's information systems access.
Visitors have to apply for a visitor card at the receptionist or attendant's desk. The purpose for the visit and the name of the contact person are recorded. Access is granted only to those visitors who received a visitor card and who are accompanied by COMPANY employees. Visitors must be accompanied by a COMPANY employee.
.2 Storage Media Control
Storage media are kept in locked rooms. Every storages medium that is removed from the data operation systems is stored in the locked storage room.
Only the appropriate operations center operator within every shift has access to this room. Every storage media that is removed from the room or is stored within the room is listed in a storage media register to be kept by the personnel who are responsible for the storage of such media.
The erasure or destruction of storage media is mentioned in the aforementioned register.
II. ORGANIZATIONAL SECURITY MEASURES
COMPANY has policies and procedures that address security measures, with a goal of protecting all information properties including customer data and other trade secrets owned by COMPANY. These security measures apply to all people who enter or leave the COMPANY's premises or who use the Company's IT equipment including employees and contractors of the COMPANY and its affiliates and business partners.
These policies and procedures are notified to all employees also anytime accessible by any employee from Human Resource Department.
1. Authentication
COMPANY requires that all persons that use COMPANY information systems in any form for any job have individual authentication credentials. Depending upon the level of access, the source of access or the nature of the information asset being accessed the credentials may include strong authentication credentials. These requirements are established by written policies and practices. In addition, COMPANY engages in management-level compliance training that specifically includes COMPANY network authentication and related processes.
2. Access Control
COMPANY has policies and procedures that address provision of access on a limited basis, with a goal of limiting access to only to the information and systems that are necessary for the user to perform their job functions. Such a limitation is dependent on the systems being used and the applications available. An example of such a limitation is technical support personnel who have administrative rights that are based upon a specific application, a group of computers, or a group of telecom equipment according to their assigned jobs. Access privileges are issued, modified, and revoked as persons change job functions and as employment is terminated.
3. Audit
Internal audit and external auditors periodically audit the company's practices to ensure proper security controls, processes, and procedures are in place and effective in the protection of our operations. There are periodic audits by internal/external security organization to identify the potential vulnerability of COMPANY to abuses of authorized access and unauthorized access attempts. COMPANY Information Services continually monitors the COMPANY network, systems and applications to identify unauthorized access to and use of same.
4. Training
COMPANY trains its employees on proper handling of authentication credentials and authorized access to and use of the COMPANY network. COMPANY has a policy addressing electronic communications that specifically identifies for employees and contractors rules concerning use of COMPANY electronic communications assets, including the COMPANY network. COMPANY also has relevant procedures through its policies concerning handling of company information, trade secrets, and intellectual property. COMPANY enforces these policies and rules through disciplinary action including, in appropriate circumstances, termination of employment. COMPANY has audit processes and an internal audit group focused on monitoring compliance with these policies.
5. COMPANY Organizational Resources
5.1 COMPANY has a cross-functional Safeguards and Security Committee. Members of the Committee are corporate officers and senior security personnel. This Committee is active in monitoring relevant activities and proposing and reviewing policies in these areas and implementing safeguards for information security and physical security needs.
5.2 COMPANY has a Chief Security Officer whose responsibility to assist in the development of appropriate policies and procedures relating to privacy and security and to provide leadership to various groups and initiatives within COMPANY directed at enhancing measures for the protection of both COMPANY data and customer data within COMPANY ' possession.
5.3 [COMPANY has a Virtual Privacy Office that supports the Chief Privacy Officer and others involved in privacy matters. The Virtual Privacy Office is a team comprised of representatives from the business groups and support functions. The team develops training materials, reference materials, policies and procedures and engages in other activities designed to enhance the privacy program at COMPANY.] [E9]
[E1]Please insert the date.
[E2] Can you please check that this is an accurate and complete list of all Samsung data controllers who may be exporting data under this agreement.
[E3]Can you please check that this is an accurate and complete list of all Samsung data importers who may be processing data under this agreement.
[E5]Please amend this description of Samsung's business accordingly. This description is in draft only.
[E6]Do the Samsung Data Exporters process Sensitive Personal Data / will Sensitive Personal Data be transferred to the Samsung Data Importer? It is important to check this point.
[E7]These
data flow charts have been adapted further by DB Cho and Crysta Lee's
team. These data flows are the version
sent by
[E8]Please note that this document is in draft only (draft dated 21/07/08). In particular, please see the comment at paragraph 5.3 below. This document provides an overview of the technical and organisational security measures adopted by Samsung in relation to the underlying data transfers. It has been discussed with Hae Ki Park, Security Manager and Kyung Tae Lee, European Security Assistant but please have a look and let us have your comments.
[E9]Please note that we have not fully discussed the particular issue of whether there should be a Virtual Privacy Office. This needs to be discussed further prior to execution of this agreement. This is a further aspect in the proposed creation of a privacy organization within Samsung.
|
Politica de confidentialitate | Termeni si conditii de utilizare |
Vizualizari: 2228
Importanta: 
Termeni si conditii de utilizare | Contact
© SCRIGROUP 2024 . All rights reserved
