Korea Information Security Management System

Overview

Amazon Web Services (AWS) is the first global cloud service provider to achieve the Korea-Information Security Management System (K-ISMS) certification. This certification helps enterprises and organizations across Korea to meet compliance requirements more effectively, and accelerate business transformation using the best-in-class technology delivered from the highly secure and reliable AWS Cloud.

Korea Information Security Management System (K-ISMS) is a Korean government-backed certification sponsored by Korea Internet and Security Agency (KISA) and affiliated with the Korean Ministry of Science and ICT (MSIT).

K-ISMS was introduced in 2002 to meet local legal requirements and ICT environment in Korea based on Article 47 (ISMS certification) in Act on Promotion of Information Communications Network Utilization and Information Protection. K-ISMS serves as a standard for evaluating whether enterprises and organizations operate and manage their information security management systems consistently and securely such that they thoroughly protect their information assets.

With this certification, enterprises and organizations in Korea that need the K-ISMS certification can use the work that AWS has done to reduce the time and cost of getting their own certification.

AWS services in scope for the K-ISMS certification can be found at AWS Services in Scope by Compliance Program. If you would like to learn more about using these services and/or have interest in other services please contact us.

ISMS logo

K-ISMS Customer Testimonials

SHINHAN FINANCIAL GROUP

We have been closely working with AWS to accelerate our digital transformation while complying with the government’s financial services regulations. We believe the K-ISMS certification that AWS has become the first global cloud service provider to achieve, is the result of the company’s continuous effort to address considerations about cloud security adoption for some major industries including finance. We will continue to work closely with AWS to accelerate our decision making, and reduce IT costs as well as gain meaningful insights, thereby creating differentiated customer value.

KOREA UNIVERSITY

The importance of information security is emphasized more than ever before, and I believe that the education sector is responsible for safely managing important information relating to schools and students. As AWS has now achieved K-ISMS certification, this will be a great opportunity for the education sector to enable cost-effective cloud services that will not only reduce the cost and effort of IT infrastructure management, but also help us to effectively fulfill the government’s requirements for information security and compliance.

Page topics

General
7
AWS on K-ISMS
5

General

Open all

An Information Security Management System (ISMS) is a comprehensive set of frameworks that contain policies and procedures to systematically and continuously protect sensitive data from various threats.

Korea Information Security Management System (K-ISMS) is a certification system to assess if an enterprise's or organization's information security management system is properly established, managed and operated.

The legal background is provided in Article 47 (ISMS Certification) in "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.".

As per Article 47 (ISMS Certification) in "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.", the Korea Internet & Security Agency (KISA) or an assessment body appointed by the Ministry of Science and ICT (MSIT) conducts a certification audit.

There are compulsory and voluntary applicants. Compulsory applicants may include certain: (1) Internet Service Providers (ISP), (2) Internet Data Centers (IDC), (3) general hospitals, (4) educational institutions and (5) Internet communications service providers. Please review the KISA website for more details regarding the applicable criteria. Voluntary subjects may voluntarily apply for a K-ISMS certification. AWS obtained K-ISMS certification in December 2017 as a voluntary subject.

By implementing systematic and comprehensive information security measures instead of one-time adhoc information security measures, the level of information security management of enterprises and organizations may be improved. Enterprises and organizations can respond swiftly in case of incidents such as hacking or DDoS and minimize damage and loss by establishing an information security management system.

Korea Internet & Security Agency (KISA) provides a list of K-ISMS certified enterprises and organizations via its website.

AWS on K-ISMS

Open all

Asia Pacific (Seoul) Region and the AWS Edge Location located in Seoul, South Korea.

The covered AWS services that are within the scope of the K-ISMS certification can be found within AWS Services in Scope by Compliance Program. If you would like to learn more about using these services and/or have interest in other services please contact us.

AWS' K-ISMS certification is effective for a period of 3 years from the certification date (i.e., December 27, 2017), as long as AWS passes an annual surveillance audit.

As per the Shared Responsibility Model, AWS' K-ISMS certification demonstrates the "Security of the Cloud," enabling customers to focus their resources on items related to "Security in the Cloud" in connection with their K-ISMS certification process.

A copy of the AWS K-ISMS certificate is available to customers by using AWS Artifact, a self-service portal for on-demand access to AWS compliance reports. Sign in to AWS Artifact in the AWS Management Console, or learn more at Getting Started with AWS Artifact.
Have Questions? Connect with an AWS Business Representative
Exploring compliance roles?
Apply today »
Want AWS Compliance updates?
Follow us on Twitter »