Personal Data Protection Checklist
Attachment 3
Audit Unit: Year: Date Filled: Year Month Day
No. | Audit Items | Subject | Audit Results |
1 | Are paper reports containing personal data handled and used exclusively by designated personnel? | All | □ OK □ NG □ Not Applicable |
2 | When transferring paper personal data, is a confidential transfer method employed? | All | □ OK □ NG □ Not Applicable |
3 | Is access to personal data restricted based on role? Non-designated personnel shall not have access or viewing rights. | All | □ OK □ NG □ Not Applicable |
4 | Are personnel handling personal data trained annually on information security and privacy protection? | All | □ OK □ NG □ Not Applicable |
5 | When personnel handling personal data are transferred, are all relevant storage media and data handed over according to regulations? | All | □ OK □ NG □ Not Applicable |
6 | When personnel leave the company or end their contract, are their accounts deactivated and employee IDs collected according to regulations? | All | □ OK □ NG □ Not Applicable |
7 | Is there an application and approval process for accessing personal data? | All | □ OK □ NG □ Not Applicable |
8 | Are access records, including the identity of the user and their actions, maintained when personal data is accessed? | All | □ OK □ NG □ Not Applicable |
9 | Do personal computers handling personal data have user accounts and passwords? | All | □ OK □ NG □ Not Applicable |
10 | Are individual user accounts assigned to personnel handling personal data? | All | □ OK □ NG □ Not Applicable |
11 | After using personal data, is the application promptly closed? | All | □ OK □ NG □ Not Applicable |
12 | Are paper documents containing personal data managed by designated personnel and stored in physically secure environments? | All | □ OK □ NG □ Not Applicable |
13 | When personnel handling personal data leave or transfer positions, are the passwords for the relevant systems reset and the user accounts updated if necessary? | IT Department | □ OK □ NG □ Not Applicable |
14 | Are computers storing sensitive personal data isolated from external networks (e.g., by firewalls)? | IT Department | □ OK □ NG □ Not Applicable |
15 | Are computers storing personal data equipped with antivirus software, updated daily, and scanned weekly? | IT Department | □ OK □ NG □ Not Applicable |
16 | Is the use of P2P software and tunneling tools for file sharing prohibited? | IT Department | □ OK □ NG □ Not Applicable |
17 | Are information devices storing personal data located in physically secure areas (e.g., access-controlled offices, server rooms)? | IT Department | □ OK □ NG □ Not Applicable |
18 | Are backup mechanisms in place for storage media containing personal data? | IT Department | □ OK □ NG □ Not Applicable |
19 | When external parties update or maintain computers storing personal data, is a designated staff member present to ensure data security? | IT Department | □ OK □ NG □ Not Applicable |
20 | When computers or devices storing personal data are decommissioned or repurposed, is the personal data deleted? | IT Department | □ OK □ NG □ Not Applicable |
Instructions:
"OK" indicates the department has performed the action in compliance with requirements; "NG" indicates the action was performed but did not meet operational requirements; "Not Applicable" indicates the department has no related action or process.
Approved: Reviewed: Auditor:
AM19-03