
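▣ Supplier Basic Information

Supplier name | Name of the person completing the form
Supplier address | Position
Sales ('22) | Email ID
Currency of the sales figure | Mobile phone number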

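▣ Supplier Security Infrastructure Status
Type | Possession (Yes/No) | Description | Detailed description of current status | Assessment

Firewall: Enter the firewall in use (including UTM). ex) fortigate, juniper, Cisco ASA, etc.

PC vaccine: Anti-virus solution for PCs

Server vaccine: Anti-virus solution for servers

Media control system: Solution that restricts access to storage and communication media usable on PCs, such as USB, MTP and Bluetooth

Harmful site blocking: Solution that blocks access to harmful websites

NAC: Solution that restricts unauthorized equipment's access to the internal network

DLP: Solution that prevents data leakage or destruction

Access control (SAC/DAC): Solution that controls and manages access to servers/data through authentication, authorization and auditing mechanisms

Software control: Solution that prevents the installation or execution of unauthorized software

DRM (document security): Solution that protects the copyright of digital content through encryption and access-rights management. ex) MS AIP

Document centralization: Solution that consolidates and organizes documents from various sources into a single centralized location for easy access and management.

IPS/IDS: Solution that monitors network traffic, detects malicious activity or unauthorized access attempts, and prevents them from compromising the system or network

Spam mail blocking: Solution that blocks spam and malicious mail flowing into the mail server in real time

DB encryption: Solution that protects sensitive information stored in databases by encrypting it

VPN: Solution that allows secure access to the company's internal systems from outside the company

Integrated account management: Solution that manages and controls access to resources by defining and enforcing policies for user authentication, authorization and permissions.

Detection and response solution (EDR, XDR, NDR, etc.): Solution that protects network endpoints such as PCs, servers and mobile devices from security threats through real-time monitoring and collection of security data and automated threat response mechanisms. ex) EDR, XDR, NDR, etc.

Monitoring, automation and response: Solution that detects, analyzes and responds to security incidents and threats in real time. ex) SIEM, SOAR, etc.

Data backup/recovery: Solution that protects and restores data in the event of data loss, corruption or system failure

Checked by IT Manager | Approved by MD/CFO

Name | Name

This document is an information asset of Hyundai Motor Company and Kia and is legally protected under the non-disclosure agreement with your company and applicable laws.
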
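▣ Survey of Production-Impact Assessment Indicators for Cyber Intrusion Incidents
★ Please read the writing guide thoroughly and complete the form without leaving any blanks.
★ Please have the working-level staff of every relevant area (Sales/Production/Logistics/Procurement/IT/Security) take part in completing it.
Classification | Investigation item | No | Question description and answer writing guide | Answer column | References

Sequence item information

No. 1 | Proportion of sequence items
Proportion of sequence items among the parts delivered

No. 2 | Sequence item supply method
How sequenced parts are delivered to the customer's production line (see the image on the right)
☞ Answer based on the sequence item with the smallest stock quantity (finished-product stock)

No. 3 | Stock securing level of sequence items
Period during which deliveries to the customer can be made from stock alone when the production line stops
☞ Answer based on the sequence item with the smallest stock quantity (finished-product stock)

General item information

No. 4 | Stock securing level of general items
Period during which deliveries to the customer can be made from stock alone when the production line stops
☞ Answer based on the general item (other than sequence items) with the smallest stock quantity (finished-product stock)

References:
1) Please describe the software your company uses
- Software name, in-house developed or off-the-shelf software, version, etc.
2) Access level to the software for global and local teams
3) Incident history (past cyber issues)
4) Please describe your automation status/situation
- Please fill in every applicable field.

Automation level
★ Refer to the image on the right to identify the work stage corresponding to each investigation item
★ Answer the production impact based on the part with the lowest stock securing level
References: Briefly explain.

No. 5-1 | Acquiring the customer's vehicle model production plan | Automation level
Proportion of automation in the process of acquiring the vehicle model production plan from the customer
☞ Select the ratio of items for which acquisition of the vehicle model production plan is automated to the total number of items delivered to the customer
[Example] - If the production plan is acquired automatically for passenger models and manually for commercial models, enter the proportion of passenger items among all items
☞ Definition of automation: The vehicle model production plan or part sequence information provided by the customer is acquired through a computer system
[Example] - Acquiring the customer's vehicle model production plan through the direct-sequence system provided by the customer
- Acquiring the customer's vehicle model production plan through an in-house developed program
☞ Simply downloading production plans and sequence information from websites provided by the customer, such as the partner site (VAATZ), is not regarded as automation

No. 5-2 | Acquiring the customer's vehicle model production plan | Production impact
Time required to secure the customer's vehicle model production plan manually when a problem occurs in the automation system

No. 6-1 | Establishing the production plan | Automation level
Proportion of automation in the process of establishing the part production plan (daily work plan) from the vehicle model production plan provided by the customer
☞ Select the ratio of items for which production planning is automated to the total number of items
☞ Definition of automation: Work plans are calculated and managed through a computer system
[Example] - Managing the customer's vehicle model production plan through a computer system such as ERP
- The daily or hourly part production plan is calculated automatically according to rules programmed in the computer system
☞ Establishing the part production plan with office software such as Excel is not regarded as automation.

No. 6-2 | Establishing the production plan | Production impact
Time required to establish the part production plan (daily work plan) manually when a problem occurs in the automation system

No. 7-1 | Establishing the logistics plan | Automation level
Proportion of automation in the process of establishing the transportation/delivery plan for products
☞ Select the ratio of items for which logistics planning is automated to the total number of items
☞ Definition of automation: Part transportation/delivery work plans are established and managed through a system
[Example] - Managing part transportation/delivery plans through a computer system such as ERP
- The part transportation/delivery plan is calculated automatically according to rules programmed in the computer system
- Sharing the part transportation/delivery plan with the supplier in charge of logistics through the computer system
☞ Establishing the part transportation/delivery plan with office software such as Excel is not regarded as automation

No. 7-2 | Establishing the logistics plan | Production impact
Time required to establish the transportation/delivery plan manually when a problem occurs in the automation system

No. 8-1 | Establishing the material procurement plan | Automation level
Proportion of automation in the process of drawing up the material procurement plan for part production
☞ Select the ratio of items for which material procurement planning is automated to the total number of items
☞ Definition of automation: The material procurement plan is established and managed through a system
[Example] - Managing the material procurement plan through a computer system such as ERP
- The material procurement plan is calculated automatically according to rules programmed in the computer system
- Sharing the material procurement plan with material suppliers through the computer system
☞ Establishing the material procurement plan with office software such as Excel is not regarded as automation

No. 8-2 | Establishing the material procurement plan | Production impact
Time required to establish the material procurement plan manually when a problem occurs in the automation system

No. 9-1 | Deploying the production plan to the shop floor | Automation level
Proportion of automation in the process by which the part production plan (daily work plan) is delivered to the workers operating the production equipment
☞ Select the ratio of items for which shop-floor deployment of the production plan is automated to the total number of items
☞ Definition of automation: Production line workers check the work quantity through a computer system
[Example] - Workers check the work quantity distributed by a production information system such as MES through a PC or status monitor installed on the production line
- Workers check the work quantity through an in-house communication system, such as a groupware bulletin board or in-house mail, using a PC or mobile device installed on the production line
☞ Production line workers checking the work quantity through printouts, external mail, SNS (KakaoTalk, Band), etc. is not regarded as automation

No. 9-2 | Deploying the production plan to the shop floor | Production impact
Time required to deliver the part production plan to production line workers manually when a problem occurs in the automation system

No. 10-1 | Production equipment control | Automation level
Proportion of automation in the process by which production equipment produces parts
☞ Select the ratio of automated processes to the total number of processes
☞ Definition of automation: A computer system directly controls the production equipment (material input, operation, stoppage) to produce parts
[Example] - The sequence system and PLC are linked, so the equipment produces parts according to the sequence information without worker intervention
- A production management system such as MES directly controls the production equipment and produces parts without worker intervention
- Workers enter the work quantity, sequence information, etc. through an automation system or S/W linked to the production equipment to produce parts
☞ If production line workers perform additional actions, such as feeding material directly into the equipment, beyond entering the information needed for production into the equipment, it is not regarded as automation.

No. 10-2 | Production equipment control | Production impact
Time required to switch to manual operation and restart the production equipment when a problem occurs in the automation system
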
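No. 11-1 | Quality inspection | Automation level
Proportion of automation in the part quality inspection process
☞ Select the ratio of automated processes to the total number of processes
However, if quality is inspected comprehensively at the final stage after part production is complete, select "80% or more"
☞ Definition of automation: The quality inspection system directly controls the production equipment
[Example] - The production equipment stops automatically when the quality inspection finds a defect in a part
- The production equipment stops automatically when the quality inspection system malfunctions or stops operating
☞ If the quality inspection system only performs a monitoring role, so that the production equipment is unaffected even when the quality inspection system stops, it is not regarded as automation

No. 11-2 | Quality inspection | Production impact
Time required to switch to manual operation and restart the production equipment when a problem occurs in the automation system

No. 12-1 | Shipment | Automation level
Proportion of automation in the process by which parts are shipped
☞ Select the ratio of items for which the shipment process is automated to the total number of items
☞ Definition of automation: Finished parts are shipped through automated equipment
[Example] - Automated equipment such as an automated warehouse is linked to the direct-sequence system and loads parts onto the transport vehicle automatically according to the sequence information
- Workers enter quantity/sequence information into the automated equipment, and the automated equipment loads the parts onto the transport vehicle
☞ If the shipment of parts proceeds without the involvement of automated equipment, it is not regarded as automation

No. 12-2 | Shipment | Production impact
Time required to switch to manual operation and ship the parts again when a problem occurs in the automation system

No. 13-1 | Logistics/Delivery | Automation level
Proportion of automation from the point at which parts are shipped to the point at which they are supplied to the production line of the customer's finished-vehicle plant
☞ Select the ratio of items for which the logistics/delivery process is automated to the total number of items
☞ Definition of automation:
[Example] - Delivering parts to the final finished-vehicle assembly line through a computer system, such as a sequence system or an automated warehouse, at an intermediate logistics warehouse, sequencing center, etc.
- Tracking the location of delivery vehicles and confirming their arrival at the customer through a computer system
- Managing the dispatch of delivery vehicles through a computer system
☞ If the transportation/delivery of parts proceeds without the involvement of a computer system or automated equipment, it is not regarded as automation

No. 13-2 | Logistics/Delivery | Production impact
Time required to switch to manual operation and transport/deliver the parts when a problem occurs in the automation system
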
▣ Basic Information

Supplier Name & Code: NVH INDIA AUTOPARTS PVT. LTD.
Name of the Person Entering the Data: K. Murugeshkumar
Address: B-67,68, Sipcot Industrial Park, Irungattukottai, Sriperumbudur Taluk, Kanchipuram, Tamil Nadu - 602105
Designation: Asst. Manager
Sales ('22): 529 Crores
Mail Id: murugesh257@nvhkorea.com
INR Currency in Crore (Sales to HMI): 448.2 Crores
Mobile No: +919941411494

▣ Supplier Security Infrastructure Status

Type | Possession | Descriptions (Customer Requirements) | Actuals in your Company (Explains the availability of Customer Requirements in detail) | Self Assessment

Firewall
Possession: YES
Description: Network Firewall (including UTM), e.g. fortigate, juniper, Cisco ASA, etc.
Actuals in your Company: Fortigate 80 F firewall v6.4.15 build2030 (GA) Serial Number - FGT80FTK22022988 - License End on (07/01/2026)
Self Assessment: Good System in Place (> 80%)

PC Vaccine
Possession: YES
Description: Anti-virus solutions for PCs
Actuals in your Company: Worry Free Business Security - Trendmicro Version 10.0 Service Pack 1 Build - 2495 - Server GUID: 7e9487e4-f0f3-4198-98ed-6dd27cac50b2/Server GUID: 7e9487e4-f0f3-4198-98ed-6dd27cac50b2/ Hot Fix History: Patch 2459, Patch 2472, Patch 2495. License end on - 7/23/2026
Self Assessment: Good System in Place (> 80%)

Server vaccine
Possession: YES
Description: Anti-virus solutions for Servers
Actuals in your Company: Worry Free Business Security - Trendmicro Version 10.0 Service Pack 1 Build - 2495 - Server GUID: 7e9487e4-f0f3-4198-98ed-6dd27cac50b2/Server GUID: 7e9487e4-f0f3-4198-98ed-6dd27cac50b2/ Hot Fix History: Patch 2459, Patch 2472, Patch 2495. License end on
Self Assessment: Good System in Place (> 80%)

Medium control system
Possession: YES
Description: Solutions that restrict access to storage and communication media available on PCs such as USB, MTP, Bluetooth, etc.
Actuals in your Company: USB access restricted by using Antivirus security end point software (Device control)
Self Assessment: Good System in Place (> 80%)

Block harmful sites
Possession: YES
Description: Solutions that block access to harmful websites.
Actuals in your Company: (i) Blocked web site by Firewall and Antivirus by URL Filtering and Approve blocked URLS (Adult, Business, Communication search, General, Internet Security, Lifestyle, Network Bandwidth
Self Assessment: Good System in Place (> 80%)

NAC (Network Access Control)
Possession: YES
Description: Solutions that restrict access to the internal network of unauthorized equipment.
Actuals in your Company: By Firewall protection we inspect incoming and outgoing traffic using a set of security rules to identify and block threats - Firewall model Fortigate 80 F firewall v6.4.15 build2030 (GA) Serial Number - FGT80FTK22022988
Self Assessment: Partially Available (>50%)

DLP (Data Loss Prevention)
Possession: NO
Description: Solutions that prevent data leakage or destruction
Actuals in your Company: We are not using DLP
Self Assessment: Not Available

SAC/DAC (Server/Data Access Control)
Possession: NO
Description: Solutions that control and manage access to Server/Data through authentication, authorization, and auditing mechanisms.
Actuals in your Company: We are not using SAC/DAC control
Self Assessment: Not Available

Software Whitelisting
Possession: YES
Description: Solutions that prevent the installation or execution of unauthorized software.
Actuals in your Company: (i) Without admin permission user not able to install any software (ii) .Exe download blocked through firewall policy
Self Assessment: Partially Available (>50%)

DRM (Digital Rights Management)
Possession: NO
Description: Solutions that protect copyright of digital content through encryption and access right management, e.g. MS AIP
Actuals in your Company: We are not using any mentioned points
Self Assessment: Not Available

Document Centralization
Possession: NO
Description: Solutions that consolidate and organize documents from various sources into a single centralized location for easy access and management.
Actuals in your Company: We are not using document centralization
Self Assessment: Not Available

IPS (Intrusion Prevention System)
Possession: YES
Description: Solutions that monitor network traffic, detect malicious activities or unauthorized access attempts, and prevent them from compromising the system or network.
Actuals in your Company: IPS enable default pattern in Firewall
Self Assessment: Good System in Place (> 80%)

Spam Filter
Possession: YES
Description: Solutions that block spam and malicious mail flowing into the mail server in real-time.
Actuals in your Company: Wblock service we are used to control spam and malicious mail flow
Self Assessment: Partially Available (>50%)

DB Encryption
Possession: NO
Description: Solutions that protect sensitive information stored in databases by encrypting it.
Actuals in your Company: Data base encryption software we are not using
Self Assessment: Not Available

VPN (Virtual Private Network)
Possession: NO
Description: Solutions that allow users to securely access the company's internal systems from outside the company.
Actuals in your Company: We are not using VPN
Self Assessment: Not Available

IAM (Identity and Access Management)
Possession: NO
Description: Solutions that manage and control access to their resources by defining and enforcing policies for user authentication, authorization, and permissions.
Actuals in your Company: We are not using IAM
Self Assessment: Not Available

ESS (Endpoint Security Solutions)
Possession: YES
Description: Solutions that protect network endpoints such as PC, servers, mobile devices, from security threats by real-time monitoring and collection of security data and automated threat response mechanisms, e.g. EDR, XDR, NDR etc.
Actuals in your Company: We are using for End point security solutions which continuously monitor all desktop systems from Virus/Malware, Spyware, Web reputation Network virus. Antivirus - Worry Free Business Security - Trendmicro Version 10.0 Service Pack 1 Build - 2495/Server GUID: 7e9487e4-f0f3-4198-98ed-6dd27cac50b2/Server GUID: 7e9487e4-f0f3-4198-98ed-6dd27cac50b2/ Hot Fix History: Patch 2459, Patch 2472, Patch 2495. License end on - 7/23/2026
Self Assessment: Partially Available (>50%)

Security Operation and Response
Possession: NO
Description: Solutions that detect, analyze, and respond to security incidents and threats in real-time, e.g. SIEM, SOAR etc.
Actuals in your Company: We are not using security operation response
Self Assessment: Not Available

Data Backup and Recovery
Possession: YES
Description: Solutions that protect and restore data in the event of data loss, corruption, or system failure
Actuals in your Company: (i) We are taking every day backup on daily basis (ii) Restore the database in trail system for every 3 month and check database are working properly
Self Assessment: Partially Available (>50%)

Checked by IT Manager: K. Murugeshkumar
Head of Department: S. Manikandan
Director: Yi Kwan Bae
Approved By MD/EFO: Moon Joo Seo

▣ Investigation for the production impact of cybersecurity incident
★ Please be fully familiar with the writing guide and fill it out without any blanks.
★ Please fill it out with all working-level personnel in the relevant area (Sales/Production/Logistics/Procurement/IT/Security).

Classification | Investigation items | No | Description and Writing Guide | Answer column | References

Sequence item Information

No. 1 | Proportion of sequenced items
The proportion of sequenced items among whole parts to be delivered
Answer: 20%~less than 50%

No. 2 | Sequence item supply method
How sequence items are delivered to HMC/KIA's production line (see the reference on the right)
☞ Please answer based on the number of items with the minimum inventory among the sequence items.
Answer: Outside Direct Sequence(SUPPLIER)

No. 3 | Stock securing level of sequence items
A duration during which delivery to HMC/KIA is possible only with inventory when production line is discontinued.
☞ Please answer based on the number of items with the minimum inventory among the sequence items.
Answer: 1Day~less than 2Days

General items Information

No. 4 | Stock securing level of general items
A duration during which delivery to HMC/KIA is possible only with inventory when production line is discontinued.
☞ Please answer based on the items with the minimum inventory among general items other than sequenced items.
Answer: 1Day~less than 2Days

References:
1) Explain about the Software you are using, Name of
Ready made software, Version. 2) A
global and Local Team.
3) History of Incident if any (Previous Cyber Issue).
4) Explain about your Automation Cond
Make Sure you are answering all box as

Automation level
★ Please refer to the right image to identify the work stage corresponding to each question
★ When answering the "Production Impact", please answer based on the items with the lowest level of inventory.
References: Briefly Explain

No. 5-1 | Acquiring production plan for the customer model | Automation Level
The proportion of automation in the process of acquiring a model production plan from a customer
☞ Select the ratio of the number of items automated to acquire the vehicle production plan among the total number of items delivered to the customer company
[EXAMPLE] - In the case of automation for passenger cars and manual production plans for commercial vehicles, select the proportion of the number of passenger items out of the total number of items.
☞ Definition of automation: Acquire vehicle production plan or part sequence information provided by customer through the computer system
[EXAMPLE] - Acquire customer's vehicle model production plan through a direct sequence system provided by the customer company
- Acquire customer model production plan through self-developed program.
☞ Only downloading production plans and sequence information from websites provided by customers, such as partner sites (VAATZ), is not considered automation.
Answer: None (100% manual)
References:
(i) Sequence data Download from HMI portal https://hvn.hmil.net/irj/portal ( Enquire production status R/P H)
(ii) Convert the sequence data to excel format to create NVH Format
(iii) Printout the sequence sheet and hand over to production for part loading

No. 5-2 | Acquiring production plan for the customer model | Production Impact
The time required to secure the production plan of the customer's vehicle model manually when a problem occurs in the automation system
Answer: N/A (No Automation)
References: No Impact on production plan as it done in excel through mail

No. 6-1 | Establishing Production plan | Automation Level
The proportion of automation in the process of establishing a part production plan (daily work plan) from the model production plan provided by the customer.
☞ Select the ratio of the number of items automated for production planning out of the total number of items
☞ Definition of automation: Calculate and manage work plans through the computer system
[EXAMPLE] - Manage customer's vehicle production plan through a computer system such as ERP
- The daily or hourly part production plan is automatically calculated according to the rules programmed in the computer system
☞ If a part production plan is established using office SW such as Excel, it is not considered as automation.
Answer: Less than 20%
References:
(i) Received plan from PPC team through mail and hardcopy to start production
(ii) After part production the final inspection done then from PBS (Production Bar Code) system (Production barcode system) we take alc print and paste on part and move to FG location
(iii) EOL inspection stage sub parts available confirmation by File safe JIG. ( Automated System available in Covering shelf line only )
(iv) After part move to FG area we received plan from HMI through SAP by Logistics then PDI inspection by Manual.
(v) After PDI inspection done the part moved to dispatch area.

No. 6-2 | Establishing Production plan | Production Impact
The time required to manually establish a part production plan (daily work plan) when a problem occurs in the automation system
Answer: Less than 1Hour
References: 1 hour required to stable the process

No. 7-1 | Establishing logistics plan | Automation Level
The proportion of automation in the process of establishing the shipping/delivery plan of the product
☞ Select the ratio of the number of items automated for logistics planning among the total number of items
☞ Definition of automation: Establish and manage part transportation/delivery work plan through the computer system
[EXAMPLE] - Manage part transportation/delivery plans through a computer system such as ERP
- The computer system automatically calculates part shipment/delivery plan according to programmed rules
- Share the parts transportation/delivery plan to the supplier in charge of logistics through the computer system
☞ If part transportation/delivery plan is established using office SW such as Excel, it is not considered as automation.
Answer: None (100% manual)
References:
(i) We download sub daily and timely plan from HMI SAP Portal https://hvn.hmil.net/irj/portal
(ii) Convert the plan data to excel format to create NVH Format
(iii) Based on pending quantity we gave plan to production for delivery
(iv) Monthly PO download from HMI portal and upload in SMS mapol software for Invoice process
(v) As per given plan to raise the invoice to HMI through SMS mapol software after vehicle updatation, E-invoice creation, Push to HMI port and ASN creation automatically in HMI portal.
(vi) Interface with HMI autogate entry confirmation

No. 7-2 | Establishing logistics plan | Production Impact
The time required to manually establish a shipping/delivery plan when a problem occurs in the automation system
Answer: Less than 1Hour
References: 1 hour required to stable the process


No. 8-1 | Establishing material procurement plan | Automation Level
The proportion of automation in the process of establishing a material procurement plan for parts production
☞ Select the ratio of the number of items automated for material delivery planning among the total number of items
☞ Definition of automation: Establish and manage material delivery plans through the computer system
[EXAMPLE] - Manage material delivery plan through computer system such as ERP
- Material delivery plan is automatically calculated according to the rules programmed in the computer system
- Sharing material delivery plan to material suppliers through the computer system
☞ If a material procurement plan is established using office SW such as Excel, it is not considered as automation.
Answer: Less than 20%
References:
(i) We are receiving HMI FG Part plan from our PPC Team (Excel). After receiving PPC FG parts Plan we convert into Raw Material plan in excel through (BOM-Bill of Material - Tims LIMS ERP)
(ii) Based on Raw material plan we will send Daily, Weekly & Monthly schedules to supplier
(iii) Based on Raw material plan we will prepare Purchase Orders through (TIMS-LIMS ERP) & communicate to supplier through mail
(iv) Day by Day delivery schedule updated in (TIMS-LIMS ERP) for all suppliers

No. 8-2 | Establishing material procurement plan | Production Impact map
The time required to establish a material procurement plan manually when a problem occurs in the automation system
Answer: Less than 1Hour
References: NO Impact automation process, we will manually communicated with excel data.

No. 9-1 | Informing production plan | Automation Level
The proportion of automation in the process in which the part production plan (daily work plan) is delivered to the workers operating the production facility
☞ Select the ratio of the number of items whose production plan informing process is automated out of the total number of items
☞ Definition of automation: The worker of the production line checks the amount of work through the computer system
[EXAMPLE] - The production plan is managed in the production information system such as ERP, MES, etc., and the workers check the amount of work through the PC or status display equipment placed at the production line.
- The workers check the production plan through the in-house communication system such as a groupware bulletin board and an in-house mail system using PCs or mobile devices placed at the production line.
☞ If the workers check the production plan through printouts or commercial communication media such as external mail, SNS, etc., it is not regarded as automation.
Answer: 20%~less than 50%
References:
(i) Customer Receive from HMI portal ( Display Sub Daily Requirement screen) - SAP system
(ii) HMI Plan Download in Excel format
(iii) To compare HMI plan wise stock status of NVH india, Based on stock coverage, Plan for MIP plan Through Excel format
(iv) Plan has Upload in ERP Programme Software
(v) Work order ( Operation plan Priorities) data through ERP system
(vi) ERP data interface with PBS system

No. 9-2 | Informing production plan | Production Impact
The time required to manually deliver the part production plan to the production line workers when a problem occurs in the automation system
Answer: Less than 1Hour
References: If system problem appear immediately plan at Excel

No. 10-1 | Production facility control | Automation Level
The proportion of automation in the process of manufacturing parts
☞ Select the ratio of the number of automated processes to the total number of processes
☞ Definition of automation: Computer systems directly control production facilities (material input, operation, interruption) to produce parts
[EXAMPLE] - As the sequence system and PLC are interlocked, the equipment produces parts without operator intervention according to the sequence information
- Production management systems such as MES directly control production facilities without operator intervention to produce parts
- The workers input the work quantity, sequence information, etc. through the automated system or S/W linked to the production facility for parts production
☞ If the production line operator has to perform additional actions, such as putting materials directly into the facility, in addition to entering the information necessary for production into the production facility, it is not considered automation.
Answer: None (100% manual)
References:
(i) As per PPC plan material issue raised through ERP system (TIMS-LIMS) and take required material print sheet through excel and handover to stores incharge
(ii) Production parts count and calculated through the number of shots by pressing machine. Then enter the count in log book manually.

No. 10-2 | Production facility control | Production Impact
The time required to manually switch to restart the production facility when a problem occurs in the automation system
Answer: Less than 1Hour
References: 1 hour required to stable the process

No. 11-1 | Quality inspection | Automation Level
The proportion of automation in part quality inspection process
☞ Select the ratio of the number of automated processes to the total number of processes
However, if quality is comprehensively inspected at the final stage after part production is completed, select "80% or more"
☞ Definition of automation: Quality inspection systems directly control production facilities
[EXAMPLE] - Automatic discontinuation of production facilities when defects occur in parts as a result of quality inspection
- If the quality inspection systems malfunction or shut down, production facilities will be automatically stopped
☞ If the quality inspection system simply performs the monitoring role and does not affect the operation of production facilities even if the quality inspection system is stopped, it is not considered as automation.
References:
(i) FML ( First off/ Middle off / Last off ) Inspection made by manually with NVH - QDMS software system.
(ii) IF FML rejection communication pass through mail automatically to concern department for corrective action.
(iii) EOL inspection stage sub parts available confirmation by File safe JIG. ( Automated System available in Covering shelf line only )

No. 11-2 | Quality inspection | Production Impact
The time required to manually switch to restart the production facility when a problem occurs in the automation system


No. 12-1 | Shipment | Automation Level
The proportion of automation in the process of shipping parts
☞ Select the ratio of the number of items automated in the shipment process out of the total number of items
☞ Definition of automation: Shipping finished parts through automated facilities
[EXAMPLE] - Finished parts are shipped automatically according to sequence information through an automated facility such as automatic-warehouses that are linked to a direct-sequence system.
- The worker enters the quantity/sequence information into the automation facility, and the automation facility loads the parts into the transport vehicle
☞ If the process of shipping parts is carried out without the intervention of automated facilities, it is not considered as automation
Answer: 20%~less than 50%
References:
(i) We download sub daily and timely plan from HMI SAP Portal https://hvn.hmil.net/irj/portal
(ii) Convert the plan data to excel format to create NVH Format
(iii) Based on pending quantity we gave plan to production for delivery
(iv) Monthly PO download from HMI portal and upload in SMS mapol software for Invoice process
(v) As per given plan to raise the invoice to HMI through SMS mapol/E-invoice software after vehicle updatation, E-invoice creation, Push to HMI port and ASN creation automatically in HMI portal.
(vi) Interface with HMI autogate entry confirmation

No. 12-2 | Shipment | Production Impact map
The time required to manually switch to re-ship parts when a problem occurs in the automation system
Answer: Less than 1Hour
References: 1 hour required to stable the process

No. 13-1 | Logistics/Delivery | Automation Level
The proportion of automation in the process of delivery from shipment of parts to supply to the assembly line of the customer's finished car production factory
☞ Select the ratio of the number of items automated in the logistics/delivery process among the total number of items
☞ Definition of automation:
[EXAMPLE] - In the process of transporting parts, parts are supplied to the final finished vehicle assembly line through a computer system such as a sequence system or an automated warehouse at the middle point such as an intermediate logistics warehouse or sequence center.
- Track the location of delivery vehicles and check the arrival of the parts to customer through the computer system
- Manage distribution or dispatch of delivery vehicles through the computer system
☞ If the process of transporting/delivering parts is carried out without the intervention of the computer system or automation facilities, it is not considered as automation
Answer: 20%~less than 50%
References:
(i) Refer 12.1
(ii) Delivery truck status to check in HMI portal LP truck in /out truck monitoring and Display receipt status (H)
(iii) Wheels I software used to track live vehicles status

No. 13-2 | Logistics/Delivery | Production Impact
The time required to manually switch to transport/deliver parts when a problem occurs in the automation system
Answer: Less than 1Hour
References: 1 hour required to stable the process

Checked by IT Manager: K. Murugeshkumar
Head of Department: S. Manikandan
Director: Yi Kwan Bae
Approved By MD/EFO: Moon Joo Seo

Checked by IT Manager | Approved by MD/CFO

Name | Name
