[Asia Economy Reporter Seulgina Jo] The Ministry of Science and ICT and the Personal Information Protection Commission announced on the 1st that they will actively promote improvements to the Information Security Management System (ISMS) and Personal Information Protection Management System (ISMS-P) certification systems to eliminate blind spots in information security and minimize duplication and overlap.
First, an ISMS certification audit system specialized for virtual asset operators and small and medium-sized enterprises (SMEs) will be established. Although virtual asset businesses have characteristics of financial services, due to the lack of legal status and institutional foundation for operators, ISMS certification audit items suitable for the information and communication service sector have been applied for certification.
The Ministry of Science and ICT and the Protection Commission, in collaboration with the Financial Services Commission (Financial Security Institute), have developed specialized inspection items for virtual assets (56 items including wallet and cryptographic key management, electronic ledger management, unauthorized transfer detection, etc.) and plan to announce and apply them to ISMS certification audits starting this November.
An ISMS certification system for SMEs will also be prepared by streamlining the ISMS certification item procedures (102 items) so that small and medium-sized enterprises, for whom information security is important, can prepare for ISMS certification on their own without unnecessary cost consumption.
Along with this, the Ministry of Science and ICT and the Protection Commission will integrate similar systems centered on ISMS-P to maintain personal information and information security while reducing the burden on companies.
Until now, the ISMS-P certification scope included the information security management systems of consigned companies such as call centers and courier companies, causing inconvenience as consigned companies had to undergo repeated on-site inspections every time the contracting companies conducted ISMS-P certification audits. Therefore, if a consigned company obtains ISMS-P certification, on-site inspections of the consigned company by contracting companies will be exempted. For example, a call center with three client companies previously underwent three on-site inspections but will now be reduced to one.
Also, considering the many similar certification items between cloud service security certification and ISMS, when an ISMS-certified company applies for cloud security certification, 54% of the certification items (from 117 items to 54 items) can be exempted from review.
In addition, an amendment to the Information and Communications Network Act is being promoted, which exempts universities that have obtained an ‘Excellent (80 points)’ grade in the information security level diagnosis led by the Ministry of Education from the obligation to obtain ISMS certification.
Among the 13 universities that failed to comply with the ISMS certification obligation (with more than 10,000 enrolled students, 44 universities), 10 universities obtained an ‘Excellent’ grade in this year’s Ministry of Education information security level diagnosis and are expected to be exempted from ISMS certification. These include Chosun University, Kyungpook National University, Chungbuk National University, Chonnam National University, Kongju National University, Pukyong National University, Gyeongsang National University, Pusan National University, Chungnam National University, and Seoul National University of Science and Technology.
A government official stated, “This improvement of the information security and personal information protection management system will greatly contribute to reducing the administrative burden on companies and universities and eliminating blind spots in information security,” and added, “The government will continue to listen to voices from the field and strengthen support so that companies and institutions do not face difficulties in conducting information security activities through related system improvements and support measures.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
