Passed the Highest Authority International Standard Audits in Information Security
Established by ISO and IEC
The Small Enterprise and Market Service announced on June 10 that it has successfully passed the follow-up audits for two consecutive years for the international standard information security certifications: the Information Security Management System (ISO/IEC 27001:2022) and the Privacy Information Management System (ISO/IEC 27701:2019).
ISO/IEC 27001 and ISO/IEC 27701 are the most authoritative international standards in the field of information security, established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). To obtain ISO/IEC 27001, an organization must pass an audit covering 93 items across four control areas: organizational, personnel, physical, and technical. ISO/IEC 27701 requires meeting 49 criteria across eight domains.
This audit is a critical procedure to assess whether the organization's overall information security level meets international standards. In this follow-up audit, particular focus was placed on evaluating the operational performance and internal improvement measures implemented over the past year, since obtaining the two certifications in May of the previous year.
The Small Enterprise and Market Service has strengthened its implementation framework for protection measures by continuously supporting information security-related certifications and training to enhance the expertise of security personnel, as well as by conducting security education and training for all employees. The organization has also been recognized for its practical capabilities in personal information protection, such as establishing a comprehensive inspection system for the management of data processors and for all stages of personal information collection, storage, and disposal.
In particular, to respond to evolving external threat environments resulting from the expansion of cloud-based services and the diversification of internal information systems, the organization has reorganized its security framework and implemented policies such as access control and access logging for key systems to prevent file tampering and unauthorized access.
Park Sunghyo, President of the Small Enterprise and Market Service, stated, "Maintaining international standard certifications is not merely a formal procedure; it demonstrates that a practical information security system is in operation." He added, "The organization will continue to further advance its systems and personnel to set a model for information security in the era of digital transformation, and will continuously strengthen both managerial and technical security measures to enhance public trust."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
