NAVER CLOUD PLATFORM

Information Security Certification Status


  • ISO/IEC 27001, 27017, 27018, 27799, and 22301 Certifications

    Global Certification of Information Security Management System/Information Security for Cloud Services,
    [Scope of certification] For IT platform services and operation of the GAK data center.

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is ISO/IEC 27001 certification? (International standard on information security management system)
    ISO/IEC 27001 is a certification is achieved by conforming to the guidelines of the ISO/IEC 27001 standard for information security management systems. It certifies that the overall security standard of the NAVER CLOUD PLATFORM was recognized in the international standard.
    What is ISO/IEC 27017 certification? (International standard on information security management system in the cloud service)
    Established in 2015, the ISO/IEC 27017 standard provides guidelines for information security controls applied to cloud services and cloud service providers. Certification is achieved by conforming to guidelines for information security policies, information security organization, personnel security, asset management, access control, encryption, operation, communication security, system development security, supply chain management, information security incident control, compliance controls, and additional security controls required for cloud service providers.
    What is ISO/IEC 27018 certification? (International standard on protection of personal data in the cloud service)
    Established in 2014, the ISO/IEC 27018 standard provides guidelines for protecting personally-identifiable information stored in the public cloud. Certification is achieved by conforming to the standard.
    What is ISO/IEC 27799 certification? (International standard on protection of medical data)
    As an international standard certification of the information security management system for medical service or medical information processing organizations to build and operate a medical information protection management system, ISO/IEC 27799 can contribute to the protecting customer's personal medical information using the NAVER CLOUD PLATFORM service.
    What is ISO/IEC 22301 certification? (International standard of the business continuity management)
    ISO/IEC 22301 is an international standard for Business Continuity Management (BCM), which means that the service continuity of the NAVER CLOUD PLATFORM's service verified at an international standard.
    [NAVER CLOUD PLATFORM's Certification Status]
    Naver Business Platform obtained ISO/IEC 27001 certification for the IT platform service in 2010. We maintain this certification through strict audits to ensure the integrity of our information security control system.
    Obtaining additional ISO/IEC 22301, 27017, 27018, and 27799 certifications demonstrates our commitment to providing a stable, reliable cloud service and our dedication to protecting our users’ personal information.
  • SOC 2, 3 certification

    Internal control auditing for providing and operating secured services
    [Scope of certification] NAVER CLOUD PLATFORM

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is the Service Organization Control (SOC) certificate?
    The certificate was designed to improve the reliability of services and service providers and is considered a rigorous and internationally-recognized certification. These certifications are granted based on the International Standards on Assurance Engagements (ISAE) enacted by the International Auditing and Assurance Standards Boards (IAASB) of IT audit specialists from independent companies, who audit the service provider’s organization and its service-related procedures to determine how effectively they are managed and the reliability of their procedures. To obtain a certificate, service providers must demonstrate appropriate internal controls and procedures for providing and operating secure services that are verified for their applicability to the work and presence of any violations. Achieving SOC certification demonstrates that a service provider is implementing and maintaining the highest standard of internal controls. Results of the audit are issued as a detailed audit report.
    [NAVER CLOUD PLATFORM's Certification Status]
    The Naver Business Platform has been awarded SOC 2 and 3 certification, which demonstrates compliance with internal control guidelines. The platform has passed a strict audit process that is focused on protection of user data and these certifications recognize that our personal information management system and internal processes meet or exceed international standards. The NAVER Business Platform SOC 3 Certification Report details how our internal controls ensure security and privacy for our users.

    Note: Access to the SOC 2 Certification Report is restricted to limited parties and is not available to the public.
  • CSA STAR Certification

    A global security certification that quantitatively measures the level of cloud service ability.
    [Scope of certification] NAVER CLOUD PLATFORM/NAVER CLOUD PLATFORM - G

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is CSA STAR certification?
    The Cloud Security Alliance (CSA) issues the Security, Trust, and Assurance Registry (STAR) certification through the Cloud Control Matrix (CCM), which is designed to provide fundamental security principles to guide cloud service providers. CCM v.3.01 defines 133 control items organized into 16 domains. In addition to evaluating whether control requirements have been met, it also determines the maturity of an organization and its processes and produces a scorecard. Certification is only achieved after an organization passes a rigorous evaluation, which provides an objective, third-party assurance that the service provider’s cloud security controls are effective.
    [NAVER CLOUD PLATFORM's Certification Status]
    First among the cloud service providers in Korea, the NAVER CLOUD PLATFORM and NAVER CLOUD PLATFORM[Public Inst] services successfully completed auditing for the CSA STAR certification and received confirmation of having satisfied standard requirements of the British Standards Institution (BSI) as well.
  • PCIDSS Certification

    An international data security standard verification for safe payment information protection.
    [Scope of certification] NAVER Business Platform Inc., an IT inter-platform operation service

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is PCIDSS Certification?
    The Payment Card Industry Data Security (PCIDSS) Certification is an international data security standard developed to foster and promote data security for credit card owners and to promote widespread adoption of consistent data security processes. Major credit card companies like VISA, MasterCard, Amex, JCB, and Diners Club are certified by the Payment Card Industry Security Standard Council (PCISSC), which was established to audit and certify service providers.
    [NAVER CLOUD PLATFORM's Certification Status]
    In 2016, the NAVER Business Platform obtained PCIDSS certification in 11 areas, including Applications & Software, Hardware, and Infrastructure & Network, by passing rigorous audits.
  • PIMS Certification

    Public certification of the personal information management system at the top level in Korea.
    [Scope of certification] NAVER CLOUD PLATFORM

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is PIMS certification?
    Personal Information Management System (PIMS) certification is a system by which the Korea Communications Commission recognizes companies that systematically perform privacy security actions at a level that meets or exceeds given standard.
    [NAVER CLOUD PLATFORM's Certification Status]
    The NAVER CLOUD PLATFORM acquired the PIMS certificate in 2013 and renews the certification every year to verify the stable privacy protection system.
  • ISMS Certification

    Verification of consistent information security management system and maintenance
    [Scope of certification] NAVER Business Platform, a IT inter-platform operation service and internal information system development/operation

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is ISMS certification?
    The Information Security Management System (ISMS) certification is a system that Korea's Ministry of Science, ICT, and Future Planning uses to determine whether companies protection information adequately. In particular, this certificate becomes a measure of whether or not information protection systems satisfy lawful standards.
    [NAVER CLOUD PLATFORM's Certification Status]
    The NAVER Business Platform achieved ISMS certification in 2013 and has maintained the certification since, as a demonstration of high quality information protection systems and processes.
  • CSAP Certification [IaaS, SaaS]

    Certification of information protection levels for cloud services
    [Scope of IaaS certification] NAVER CLOUD PLATFORM (for public institutions)
    [Scope of SaaS certification] System Security Checker / Web Security Checker

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is the Cloud Security Assurance Program (CSAP) IaaS?
    CSAP is a certification of an organization’s compliance with the "Notification of criteria of cloud computing service information protection" requirements issued by the Ministry of Science, ICT, and Future Planning. This certification demonstrates that an organization can provide proven stable and reliable cloud services to the public.
    What is the Cloud Security Assurance Program (CSAP) SaaS?
    As a new certification system of 2018 to apply by extending the scope of CSAP IaaS to SaaS, the NAVER CLOUD PLATFORM's SaaS also demonstrates high stability and reliability that can be supplied to public institutions.
    [Certification for the first time in Korea]
    [NAVER CLOUD PLATFORM's Certification Status]
    The NAVER Business Platform underwent an audit for the administrative, physical and technical protection measures for 14 criteria, 117 were control items, and 217 detailed check items. Korea Internet and Security Agency (KISA) certified the NAVER Business Platform in all 217 items.
    The NAVER CLOUD PLATFORM IaaS underwent an audit for the administrative, physical, and technical protection measures that covered 14 criteria, among which, 117 were control items. Korea Internet and Security Agency (KISA) certified the NAVER Business Platform all 217 items.
    System Security Checker and Web Security Checker–the NAVER Business Platform SaaS–have also obtained certification the same way. We are also planning to acquire certifications for other SaaS products as well.