Our commitment and approach to cybersecurity is outlined in detail in our 10-K filing. In general, cybersecurity risks and data protection are classified as key components of our long-term strategy and enterprise risk management program, and they are integrated into our overall risk management systems. We maintain processes for assessing, identifying and managing material risks from cybersecurity threats, and we routinely invest in developing and implementing numerous cybersecurity programs and processes. Our Board provides oversight on cybersecurity issues, and under this authority, receives updates on related matters every year.

Our information security management system is ISO 27001 certified.

In respect to personal data, Magnachip has established legal, technical and organizational measures to ensure that individuals’ personal information is handled with the utmost care and in accordance with applicable laws and regulations.

In practice, this has involved the implementation of consent management mechanisms for obtaining and managing user consent for the collection and processing of their personal information. We clearly affirm our commitment to obtaining user data through lawful and transparent processes, while ensuring individuals retain control over their personal information.

Our Privacy Policy outlines our commitments to data privacy in detail.

Training on data protection

We provide annual training to employees on data protection principles and best practice to ensure awareness of and adherence to our privacy policies.

We also conduct training specifically for employees dealing with personal information on topics such as the proper handling of sensitive data, data protection regulations and maintaining high standards of privacy. The goal is to ensure our personnel are well-informed and compliant with data privacy policies and best practices.

Actively monitoring the percentage of employees who successfully complete data privacy training is one of the ways we assess and ensure the effectiveness of our privacy initiatives.

Data privacy training is exclusively provided to individuals responsible for handling personal information. In 2023, 100% of the designated participants have completed the training without exception. This helps us maintain a culture of compliance and awareness regarding data protection across the organization.