NAVER CLOUD PLATFORM

Information Security Certification Status


  • ISO/IEC 27001, 27017, 27018, 27799, and 22301 Certifications

    Global Certification of Information Security Management System/Information Security for Cloud Services,
    [Scope of certification] For IT platform services and operation of the GAK data center.

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is ISO/IEC 27001 certification? (International standard on information security management system)
    ISO/IEC 27001 is a certification is achieved by conforming to the guidelines of the ISO/IEC 27001 standard for information security management systems. It certifies that the overall security standard of the NAVER CLOUD PLATFORM was recognized in the international standard.
    What is ISO/IEC 27017 certification? (International standard on information security management system in the cloud service)
    Established in 2015, the ISO/IEC 27017 standard provides guidelines for information security controls applied to cloud services and cloud service providers. Certification is achieved by conforming to guidelines for information security policies, information security organization, personnel security, asset management, access control, encryption, operation, communication security, system development security, supply chain management, information security incident control, compliance controls, and additional security controls required for cloud service providers.
    What is ISO/IEC 27018 certification? (International standard on protection of personal data in the cloud service)
    Established in 2014, the ISO/IEC 27018 standard provides guidelines for protecting personally-identifiable information stored in the public cloud. Certification is achieved by conforming to the standard.
    What is ISO/IEC 27799 certification? (International standard on protection of medical data)
    As an international standard certification of the information security management system for medical service or medical information processing organizations to build and operate a medical information protection management system, ISO/IEC 27799 can contribute to the protecting customer's personal medical information using the NAVER CLOUD PLATFORM service.
    What is ISO/IEC 22301 certification? (International standard of the business continuity management)
    ISO/IEC 22301 is an international standard for Business Continuity Management (BCM), which means that the service continuity of the NAVER CLOUD PLATFORM's service verified at an international standard.
    [NAVER CLOUD PLATFORM's Certification Status]
    NAVER Cloud obtained ISO/IEC 27001 certification for the IT platform service in 2010. We maintain this certification through strict audits to ensure the integrity of our information security control system.
    Obtaining additional ISO/IEC 22301, 27017, 27018, and 27799 certifications demonstrates our commitment to providing a stable, reliable cloud service and our dedication to protecting our users’ personal information.
  • SOC 1, 2, 3 certification

    Internal control auditing for providing and operating secured services
    [Scope of certification] NAVER CLOUD PLATFORM

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is the Service Organization Control (SOC) certificate?
    As an audit designed to increase the credibility of services and service organizations, it is internationally regarded as a very strict and reliable certificate. The SOC 1 report, following the SSAE 18 certificate standards established by the AICPA (The American Institute of Certified Public Accountants), details the results of whether the user organization's ICFR-related (Internal Control over Financial Reporting) services are appropriately designed and effectively operated to be fit for control. The SOC 2 and SOC 3 reports contain results of whether organization and service-related procedures of businesses that provide security, availability, processing integrity, confidentiality, and personal information privacy-related services are well-managed and reliable. Not only do organizations need to have appropriate internal control protocols regarding safe provision of services and operations, but the protocols must be verified to have been implemented or are in no violation to be issued an certificate. SOC certificate means a business is implemented and operating at a global-level of internal control, and the certification details are issued in the form of an audit report.
    What is the Service Organization Control (SOC) 1 certificate?
    The SOC 1 report details the results of the adequacy of financial reporting control. Results of the details that confirm whether a user organization's ICFR-related services are appropriately designed and effectively operated to be fit for control.
    What is the Service Organization Control (SOC) 2 certificate?
    The SOC 2 report details the results of the adequacy of a service's security controls. Service organizations' management and user businesses can use this report to examine the internal security controls regarding a company's operations.
    What is the Service Organization Control (SOC) 3 certificate?
    The SOC 3 report is a version of the SOC 2 report that is made to be disclosed to the public. The SOC certificate is an audit designed to increase the credibility of services and service organizations. It is internationally regarded as a very strict and reliable certificate.
    [NAVER CLOUD PLATFORM's Certification Status]
    NAVER Cloud Corp. receives the SOC 1 certificate regarding the adequacy of a user organization's ICFR-related services. It also has the SOC 2 and SOC 3 certificates that verify the stability of service and the reliability of the service organization. The platform has passed a strict audit process that is focused on the protection of user data, and these certificates recognize that NAVER Cloud Corp.'s personal information management system and internal processes meet or exceed international standards. The NAVER Cloud Corp.'s SOC 3 report details how our internal controls ensure security and privacy for our users.

    ※ The SOC 1 and SOC 2 certificate reports can only be disclosed to a limited audience for the sake of fulfilling their purpose. Therefore, they are not disclosed to the public.
  • CSA STAR Certification

    A global security certification that quantitatively measures the level of cloud service ability.
    [Scope of certification] NAVER CLOUD PLATFORM/NAVER CLOUD PLATFORM - G

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is CSA STAR certification?
    The Cloud Security Alliance (CSA) issues the Security, Trust, and Assurance Registry (STAR) certification through the Cloud Control Matrix (CCM), which is designed to provide fundamental security principles to guide cloud service providers. CCM v.3.01 defines 133 control items organized into 16 domains. In addition to evaluating whether control requirements have been met, it also determines the maturity of an organization and its processes and produces a scorecard. Certification is only achieved after an organization passes a rigorous evaluation, which provides an objective, third-party assurance that the service provider’s cloud security controls are effective.
    [NAVER CLOUD PLATFORM's Certification Status]
    First among the cloud service providers in Korea, the NAVER CLOUD PLATFORM and NAVER CLOUD PLATFORM[Public Inst] services successfully completed auditing for the CSA STAR certification and received confirmation of having satisfied standard requirements of the British Standards Institution (BSI) as well.
  • PCIDSS Certification

    An international data security standard verification for safe payment information protection.
    [Scope of certification] NAVER Cloud Inc., an IT inter-platform operation service

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is PCIDSS Certification?
    The Payment Card Industry Data Security (PCIDSS) Certification is an international data security standard developed to foster and promote data security for credit card owners and to promote widespread adoption of consistent data security processes. Major credit card companies like VISA, MasterCard, Amex, JCB, and Diners Club are certified by the Payment Card Industry Security Standard Council (PCISSC), which was established to audit and certify service providers.
    [NAVER CLOUD PLATFORM's Certification Status]
    In 2016, the NAVER Cloud obtained PCIDSS certification in 11 areas, including Applications & Software, Hardware, and Infrastructure & Network, by passing rigorous audits.
  • ISMS-P / ISMS Certification

    Personal information and Information Security Management System Certification / Information Security Management System Certification
    [Certification scope]
    ISMS-P: NAVER CLOUD PLATFORM’s domestic service operation, management of NAVER CLOUD PLATFORM users’ personal information
    ISMS: IT platform operation service, Internet data center operation

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is ISMS-P certification?
    The ISMS-P certification proves the adequacy of a series of measures and actions to protect information and personal information in accordance with the certification criteria, which can be provided by the Korea Internet Security Agency or other certification institutes. It can serve as the standard to decide whether a company continues its efforts to secure internal information, whether an adequate level of information security is maintained, and whether the company’s information security management system conforms to the standards set forth by laws and regulations.
    [NAVER CLOUD PLATFORM's Certification Status]
    The ISMS certification proves the adequacy of a series of measures and actions to protect information in accordance with the certification criteria, which can be provided by the Korea Internet Security Agency or other certification institutes. It can serve as the standard to decide whether a company continues its efforts to secure internal information, whether an adequate level of information security is maintained, and whether the company’s information security management system conforms to the standards set forth by laws and regulations.

    While the ISMS-P certification includes the security of personal information in its scope, the ISMS certification only focuses on general information security. NAVER CLOUD PLATFORM’s personal information security practices are within the scope of the ISMS-P certification.
    [NAVER CLOUD PLATFORM's Certification Status]
    NAVER Cloud Corp. obtained the ISMS certification in 2010, and the PIMS certification in 2013, and has maintained an outstanding level of personal information and information security management system, keeping the certifications updated ever since. The latest update includes the newly updated ISMS-P certification in 2019.
  • CSAP Certification [IaaS, SaaS]

    Certification of information protection levels for cloud services
    [Scope of IaaS certification] NAVER CLOUD PLATFORM (for public institutions)
    [Scope of SaaS certification] System Security Checker / Web Security Checker

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is the Cloud Security Assurance Program (CSAP) IaaS?
    CSAP is a certification of an organization's compliance with the "Notification of criteria of cloud computing service information protection" requirements issued by the Ministry of Science, ICT, and Future Planning. This certification demonstrates that an organization can provide proven stable and reliable cloud services to the public.
    What is the Cloud Security Assurance Program (CSAP) SaaS?
    As a new certification system of 2018 to apply by extending the scope of CSAP IaaS to SaaS, the NAVER CLOUD PLATFORM's SaaS also demonstrates high stability and reliability that can be supplied to public institutions.
    [Certification for the first time in Korea]
    [NAVER CLOUD PLATFORM's Certification Status]
    The NAVER Cloud underwent an audit for the administrative, physical and technical protection measures for 14 criteria, 117 were control items, and 217 detailed check items. Korea Internet and Security Agency (KISA) certified the NAVER Cloud in all 217 items.

    The NAVER CLOUD PLATFORM IaaS underwent an audit for the administrative, physical, and technical protection measures that covered 14 criteria, among which, 117 were control items. Korea Internet and Security Agency (KISA) certified the NAVER Cloud all 217 items.
    System Security Checker and Web Security Checker–the NAVER Cloud SaaS–have also obtained certification the same way. We are also planning to acquire certifications for other SaaS products as well.