NAVER CLOUD PLATFORM

Information Security Certification Status


  • ISO/IEC 27001, 27017, 27018, 27799, and 22301 Certifications

    Global Certification of Information Security Management System/Information Security for Cloud Services,
    [Scope of certification] For IT platform services and operation of the GAK data center.

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is ISO/IEC 27001 certification? (International standard on information security management system)
    ISO/IEC 27001 is a certification is achieved by conforming to the guidelines of the ISO/IEC 27001 standard for information security management systems. It certifies that the overall security standard of the NAVER CLOUD PLATFORM was recognized in the international standard.
    What is ISO/IEC 27017 certification? (International standard on information security management system in the cloud service)
    Established in 2015, the ISO/IEC 27017 standard provides guidelines for information security controls applied to cloud services and cloud service providers. Certification is achieved by conforming to guidelines for information security policies, information security organization, personnel security, asset management, access control, encryption, operation, communication security, system development security, supply chain management, information security incident control, compliance controls, and additional security controls required for cloud service providers.
    What is ISO/IEC 27018 certification? (International standard on protection of personal data in the cloud service)
    Established in 2014, the ISO/IEC 27018 standard provides guidelines for protecting personally-identifiable information stored in the public cloud. Certification is achieved by conforming to the standard.
    What is ISO/IEC 27799 certification? (International standard on protection of medical data)
    As an international standard certification of the information security management system for medical service or medical information processing organizations to build and operate a medical information protection management system, ISO/IEC 27799 can contribute to the protecting customer's personal medical information using the NAVER CLOUD PLATFORM service.
    What is ISO/IEC 22301 certification? (International standard of the business continuity management)
    ISO/IEC 22301 is an international standard for Business Continuity Management (BCM), which means that the service continuity of the NAVER CLOUD PLATFORM's service verified at an international standard.
    [NAVER CLOUD PLATFORM's Certification Status]
    Naver Business Platform obtained ISO/IEC 27001 certification for the IT platform service in 2010. We maintain this certification through strict audits to ensure the integrity of our information security control system.
    Obtaining additional ISO/IEC 22301, 27017, 27018, and 27799 certifications demonstrates our commitment to providing a stable, reliable cloud service and our dedication to protecting our users’ personal information.
  • SOC 1, 2, 3 certification

    Internal control auditing for providing and operating secured services
    [Scope of certification] NAVER CLOUD PLATFORM

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is the Service Organization Control (SOC) certificate?
    서비스 및 서비스 조직에 대한 신뢰도를 높이기 위한 감사활동으로 국제적으로도 매우 엄격하고 공신력 있는 것으로 평가되고 있습니다. 미국공인회계사협회(AICPA-The American Institute of Certified Public Accountants)가 제정한 SSAE 18 인증 기준에 따라 SOC 1 보고서는 이용자 조직의 재무보고 내부통제(ICFR-Internal Control over Financial Reporting)와 관련 있는 통제목적에 부합하도록 적절히 설계되고 효과적으로 운영되고 있는지를 확인한 결과를 담고 있습니다. SOC 2, 3 보고서는 보안성, 가용성, 처리 무결성, 기밀성 및 개인정보보호 관련하여 서비스를 제공하는 기업의 조직 및 서비스 관련 업무절차들이 얼마나 잘 관리되고 신뢰할 수 있는지를 확인한 결과를 담고 있습니다. 조직이 안전한 서비스 제공 및 운영을 위한 적절한 내부 통제절차를 가지고 있어야 함은 물론이고 실제로 이것들이 업무에 반영되었는지 혹은 위반사항이 없었는지 등까지 검증되어야만 발급을 받을 수 있어서, SOC 인증을 받았다는 것은 글로벌 수준의 내부통제가 구현 운영되고 있다는 것을 의미하며 그 결과는 상세한 내용을 담아 감사 보고서 형태로 발급이 됩니다.
    SOC(Service Organization Control) 1 인증이란?
    SOC 1 보고서는 재무보고 통제의 적절성을 확인한 결과를 담고 있습니다. 이용자 조직의 재무보고 내부통제와 관련 있는 통제목적에 부합하도록 적절히 설계되고 효과적으로 운영되고 있는지를 확인한 결과를 담고 있습니다.
    SOC(Service Organization Control) 2 인증이란?
    SOC 2 보고서는 서비스의 보안통제 적절성을 확인한 결과를 담고 있습니다. 서비스 조직의 경영진과 이용자 기업 등은 본 보고서를 통해 회사 서비스 운영에 대한 보안 내부통제 적정성을 검토 할 수 있습니다.
    SOC(Service Organization Control) 3 인증이란?
    SOC 3 보고서는 SOC 2 기반의 보고서를 공개 가능한 버전으로 구성한 것입니다. SOC 인증은 서비스 및 서비스 조직에 대한 신뢰도를 높이기 위해 고안된 감사의 일종으로 국제적으로도 매우 엄격하고 공신력 있는 것으로 평가되고 있습니다.
    [NAVER CLOUD PLATFORM's Certification Status]
    네이버비즈니스플랫폼㈜는 이용자 조직의 재무보고 내부통제와 관련된 서비스의 내부통제 적정성 관련해서 SOC 1 인증을, 서비스에 대한 안전성과 서비스 조직의 신뢰성을 검증받기 위해 SOC 2, 3 인증을 받았습니다. 이용자 프라이버시 보호에 초점을 맞추어 개인정보 보호에 특화된 엄격한 감사(audit)을 받았으며, 서비스 제공 및 운영 전반에 걸쳐 네이버비즈니스플랫폼㈜의 개인정보보호 관리체계 및 내부통제 수준이 글로벌 수준을 상회한다는 결과를 확인 받았습니다. 네이버비즈니스플랫폼㈜의 SOC 3 보고서는 보안 및 개인정보보호에 대한 내부 시스템 수준을 확인할 수 있는 정보를 담고 있습니다.

    ※ SOC 1, 2 인증 보고서는 그 목적상 제한된 대상에게만 공개하도록 규정되어 있어 일반에 공개되지 않습니다.
  • CSA STAR Certification

    A global security certification that quantitatively measures the level of cloud service ability.
    [Scope of certification] NAVER CLOUD PLATFORM/NAVER CLOUD PLATFORM - G

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is CSA STAR certification?
    The Cloud Security Alliance (CSA) issues the Security, Trust, and Assurance Registry (STAR) certification through the Cloud Control Matrix (CCM), which is designed to provide fundamental security principles to guide cloud service providers. CCM v.3.01 defines 133 control items organized into 16 domains. In addition to evaluating whether control requirements have been met, it also determines the maturity of an organization and its processes and produces a scorecard. Certification is only achieved after an organization passes a rigorous evaluation, which provides an objective, third-party assurance that the service provider’s cloud security controls are effective.
    [NAVER CLOUD PLATFORM's Certification Status]
    First among the cloud service providers in Korea, the NAVER CLOUD PLATFORM and NAVER CLOUD PLATFORM[Public Inst] services successfully completed auditing for the CSA STAR certification and received confirmation of having satisfied standard requirements of the British Standards Institution (BSI) as well.
  • PCIDSS Certification

    An international data security standard verification for safe payment information protection.
    [Scope of certification] NAVER Business Platform Inc., an IT inter-platform operation service

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is PCIDSS Certification?
    The Payment Card Industry Data Security (PCIDSS) Certification is an international data security standard developed to foster and promote data security for credit card owners and to promote widespread adoption of consistent data security processes. Major credit card companies like VISA, MasterCard, Amex, JCB, and Diners Club are certified by the Payment Card Industry Security Standard Council (PCISSC), which was established to audit and certify service providers.
    [NAVER CLOUD PLATFORM's Certification Status]
    In 2016, the NAVER Business Platform obtained PCIDSS certification in 11 areas, including Applications & Software, Hardware, and Infrastructure & Network, by passing rigorous audits.
  • PIMS Certification

    Public certification of the personal information management system at the top level in Korea.
    [Scope of certification] NAVER CLOUD PLATFORM

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is PIMS certification?
    Personal Information Management System (PIMS) certification is a system by which the Korea Communications Commission recognizes companies that systematically perform privacy security actions at a level that meets or exceeds given standard.
    [NAVER CLOUD PLATFORM's Certification Status]
    The NAVER CLOUD PLATFORM acquired the PIMS certificate in 2013 and renews the certification every year to verify the stable privacy protection system.
  • ISMS Certification

    Verification of consistent information security management system and maintenance
    [Scope of certification] NAVER Business Platform, a IT inter-platform operation service and internal information system development/operation

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is ISMS certification?
    The Information Security Management System (ISMS) certification is a system that Korea's Ministry of Science, ICT, and Future Planning uses to determine whether companies protection information adequately. In particular, this certificate becomes a measure of whether or not information protection systems satisfy lawful standards.
    [NAVER CLOUD PLATFORM's Certification Status]
    The NAVER Business Platform achieved ISMS certification in 2013 and has maintained the certification since, as a demonstration of high quality information protection systems and processes.
  • CSAP Certification [IaaS, SaaS]

    Certification of information protection levels for cloud services
    [Scope of IaaS certification] NAVER CLOUD PLATFORM (for public institutions)
    [Scope of SaaS certification] System Security Checker / Web Security Checker

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is the Cloud Security Assurance Program (CSAP) IaaS?
    CSAP is a certification of an organization's compliance with the "Notification of criteria of cloud computing service information protection" requirements issued by the Ministry of Science, ICT, and Future Planning. This certification demonstrates that an organization can provide proven stable and reliable cloud services to the public.
    What is the Cloud Security Assurance Program (CSAP) SaaS?
    As a new certification system of 2018 to apply by extending the scope of CSAP IaaS to SaaS, the NAVER CLOUD PLATFORM's SaaS also demonstrates high stability and reliability that can be supplied to public institutions.
    [Certification for the first time in Korea]
    [NAVER CLOUD PLATFORM's Certification Status]
    The NAVER Business Platform underwent an audit for the administrative, physical and technical protection measures for 14 criteria, 117 were control items, and 217 detailed check items. Korea Internet and Security Agency (KISA) certified the NAVER Business Platform in all 217 items.

    The NAVER CLOUD PLATFORM IaaS underwent an audit for the administrative, physical, and technical protection measures that covered 14 criteria, among which, 117 were control items. Korea Internet and Security Agency (KISA) certified the NAVER Business Platform all 217 items.
    System Security Checker and Web Security Checker–the NAVER Business Platform SaaS–have also obtained certification the same way. We are also planning to acquire certifications for other SaaS products as well.