
Ethics and Compliance
ST Pharm operates an Anti-Bribery Management System (ABMS) based on ISO 37001 to prevent corruption and establish an ethical corporate culture. The ABMS, which was introduced in 2021, applies to all employees and aims to promote an anti-bribery workplace culture and strengthen risk management through various activities. Major activities include company-wide anti-bribery training, awareness surveys, and risk identification and corrective measures. Through these efforts, we continue to improve our ethical management throughout the organization.
 

Anti-Bribery Policy

 
  1. All employees of ST Pharm shall not engage in any acts of bribery related to their work.
  2. ST Pharm shall comply with applicable domestic anti-bribery laws and regulations and, if necessary, refer to international anti-bribery laws and regulations.
  3. The head of anti-bribery shall establish a company-wide anti-bribery goal and execution plan, accompanied by detailed objectives and a schedule, and ensure that this policy is achieved.
  4. It shall be possible to raise any issues in good faith or with reasonable confidence, without fear of retaliation.
  5. The authority and independence of the head of anti-bribery and the ST Pharm Anti-Bribery Audit Committee (STPAAC) shall be guaranteed according to the detailed operational standards of the STPAAC.
  6. All employees of ST Pharm shall comply with anti-bribery policies and procedures. All employees shall be aware that those who do not comply with the policy shall be subject to strict disciplinary action in accordance with in-house human resource procedures.
  7. This anti-bribery policy shall be communicated in an appropriate language to ST Pharm employees, related stakeholders, and business partners with medium or higher bribery risks.

Anti-Bribery Audit Committee (STPAAC)

To ensure the effective operation of the anti-bribery management system, the Anti-Bribery Audit Committee holds regular meetings once every six months to share detailed plans and results of ABMS activities. 

Audit Committee
As the highest decision-making body, the Audit Committee reviews and approves anti-bribery policies and deliberates on the results of ABMS management reviews to propose directions for ongoing improvement. 

Anti-Bribery Risk Management

Pledge to Practice Jeong-Do Management
As part of our commitment to establishing and realizing a culture of Jeong-Do Management, all employees, including the CEO, submit a pledge every year to practice Jeong-Do management. We have confirmed that 100% of our employees submitted their pledges.

Assess and Manage Bribery Risk
ST Pharm evaluates and manages company-wide bribery risks based on anti-bribery goals established using the ISO 37001 Plan-Do-Check-Act (PDCA) cycle. Teams are divided into groups and follow a risk assessment process to identify bribery risks by considering factors such as the occurrence and impact of national risks, industry risks, transaction-related risks, and business partnership risks. We also identify residual risks and take corrective measures to prevent and mitigate such risks, and regularly report the final results of internal audits to the CEO and the Audit Committee.
 
Survey on the Implementation of Jeong-Do Management
ST Pharm conducts an annual Jeong-Do Management awareness survey to understand the level of Jeong-Do Management implementation and employee awareness. A total of 25 questions related to Jeong-Do Management and social responsibility were asked in an anonymous online survey.
 
Anti-Bribery Training
Each year, ST Pharm holds anti-bribery training to promote an anti-bribery culture and internalize awareness of the dangers of workplace bribery. We implement company-wide training for all employees and capacity-building training for internal auditors on a regular basis. In addition, we conduct a separate ABMS enhancement training for departments classified as “medium or higher” in the bribery risk assessment. Following the company-wide and ABMS training, we administer surveys to evaluate the effectiveness of the training in raising awareness.

Corruption Reporting Channel
ST Pharm operates “K-Whistle” and a “cyber audit office (CLEAN :D)” to enable employees and stakeholders (partners, clients, etc.) to easily report corruption and unethical behavior (unfair trade, violation of laws, etc.).
 




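Ethics and Compliance Management

| Classification | Item | Unit | 2022 | 2023 | 2024 |
|---|---|---|---|---|---|
| Anti-corruption activity | Jeong-Do Management pledge rate | % | 100 | 100 | 100 |
| Corruption case | Total monetary loss | KRW 1 million | 0 | 0 | 0 |
| Corruption case | Corruption or bribery | Case | 3 | 0 | 1 |
| Code of conduct violation | Discrimination and harassment | Case | 0 | 0 | 0 |
| Code of conduct violation | Customer information protection | Case | 0 | 0 | 0 |
| Code of conduct violation | Conflicts of interest | Case | 0 | 0 | 0 |
| Code of conduct violation | Money laundering or insider trading | Case | 0 | 0 | 0 |
| Legal and regulatory violation | Safety and health violation (fines) | Case (KRW 1 million) | 1 (1.5) | 1 (5) | 0 |
| Legal and regulatory violation | Environmental violation (fines) | Case (KRW 1 million) | 0 | 0 | 0 |
| Legal and regulatory violation | Anti-competitive and antitrust violation (fines) | Case (KRW 1 million) | 0 | 0 | 0 |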

Security & Privacy Risk Management

 

To address increasingly sophisticated cyber threats, ST Pharm regularly identifies and remedies security vulnerabilities across its systems. In collaboration with a specialized external agency (DA Information), we conduct simulated hacking exercises, phishing email response drills, and infrastructure vulnerability assessments. In addition, routine security inspections include group-wide information security audits, Outlook security checks, assessments of personal information handling practices by department, information security awareness surveys, and feedback surveys on D-Cloud inconvenience reports. These efforts help prevent security incidents. 
 

Assessments and Monitoring

Secured Net 
We monitor illegal intrusion attempts 24 hours a day, 365 days a year through our IDC (Internet Data Center) security control system, “Secured Net.” This helps us keep our information safe from increasing security risks, such as DDoS attacks.
 
Diagnosis of the Level of the Information Security Management System
ST Pharm conducts an annual “diagnosis of the level of the information security management system.” Through a checklist-based inspection of areas such as information security management, technology (IT), physical security, HR, and personal information, we have identified deficiencies in user security areas such as screensaver installation and personal information protection, and implemented improvement measures. By doing this, we are preventing information asset leakage and the indirect damage it can cause.

 
Information Security Awareness Survey
Under the leadership of the Group, ST Pharm conducts an annual information security and personal information protection awareness survey of all employees. Through this survey, we assess the awareness of security, security policies, security training, and security personnel, as well as inconveniences related to D-Cloud. We then incorporate the survey’s findings into our information security improvement plan. 
 
Outlook Security Check
ST Pharm conducts Outlook security checks to prevent the unauthorized external leakage of company information assets and to verify whether Outlook users are violating company security policies. Security checks are performed by designating an “information security protector” (immediate superior) as the inspector, and violations are checked and managed for each item in the inspection report.

Information Security Training

Mock Hacking Training
ST Pharm conducts group-wide mock hacking training to proactively respond to increasing cyber threats. Depending on the scenario, we conduct mock hacking of Group company websites and groupware, and for any information exposure vulnerabilities found in the diagnosis results, we establish measures and make improvements to reduce the risk of exposure.
 
Malicious Email Response Training 
ST Pharm conducted malicious email simulation training in October 2024 to prevent information security incidents such as ransomware damage caused by malware infections, important information leakage, and payment transaction fraud. The training was conducted for managers (team leaders and those in higher positions) who oversee critical internal information, based on the types of malicious emails that users frequently encounter in regular activities. In particular, realistic scenarios such as prize contest entries, unclaimed tax refunds, and statutory training notifications were used to evaluate employees' response capabilities. We conduct malicious email response training once a year, and as a result, have significantly reduced the rate of information leakage via malicious emails, from 41% in 2023 to 4% in 2024. Going forward, we will continue to conduct regular simulated training and security awareness education to proactively address cyber threats and build a secure information protection environment.