Compliance support

Supports the customer IT environment to comply with regulations inside and outside of Korea,
for continued growth of customer business in the cloud environment.

Financial companies and electronic financial business entities must comply with the financial sector cloud service usage guide and electronic financial supervision regulations. NAVER Cloud Platform has a strong and fast financial compliance support system through the operation of a dedicated financial organization.


Strong compliance support across financial cloud use

Performing electronic financial business through commercial cloud requires complex financial compliance. The security requirements specified in the Regulation on Supervision of Electronic Financial Activities need to be fulfilled in the cloud environment. At the same time, a review needs to be conducted to identify whether the cloud computing service provider (CSP) has an appropriate cloud security environment and services in accordance with "Article 14-2 Procedures for Using Cloud Computing Services, etc." NAVER Cloud has constructed a system to analyze compliance requirements that occur across these types of cloud use in advance and provide support.

Specialized management of financial compliance through an independent financial zone

To improve its ability to comply with financial compliance, NAVER Cloud operates a financial zone that is physically separated from non-financial industries. With the operation of a separate infrastructure environment, various financial compliances that financial customers comply with in the on-premise environment can be implemented in the same way on NAVER Cloud Platform. Through these activities, NAVER Cloud leads the "substantial financial-specific cloud" environment that is also optimized for the acceptance of access rights and audit rights of financial companies.

Support for prompt comprehensive and regular CSP reviews

Financial companies and electronic financial business entities review the safety of cloud computing service provider (hereafter, CSP) before using the cloud. Among these, the "basic protection measures" can be omitted if domestic and overseas cloud security certifications (4 types)* have been acquired.
* Domestic and overseas cloud security certifications (4 types): Domestic: CSAP (KISA); Overseas: FedRAMP (High), CSA STAR Gold, MTCS Level 3
Having acquired CSAP (KISA), CSA STAR Gold, and MTCS Level 3 certifications, NAVER Cloud can quickly and efficiently support financial companies' CSP safety review. In addition, security trails are secured and provided in preparation of the "regular annual review" conducted after the implementation of the cloud. As such, NAVER Cloud has prepared a systematic support procedure so that the "CSP review procedure" does not become an obstacle to the timely implementation of the customer's cloud business.

Controlled areas
1. Information protection policies and organizations
2. Human security
3. Asset management
4. Service supply chain management
5. Infringement incident management
6. Service continuity management
7. Compliance
8. Physical security
9. Virtualization security
10. Access control
11. Network security
12. Data protection and encryption
13. System development and implementation security

<13 items of basic protection measures in CSP security review>

Operation of "financial regulation response team", the core of the financial compliance support system

Financial companies face various and complex compliance obligations to use the cloud. NAVER Cloud operates a separate "financial regulation response team" to support these compliance obligations. The "financial regulation response team" performs various compliance prediction and response activities, such as analyzing changes in compliance related to financial cloud, applying them to the financial zone prior to the request of financial customers, and performing activities to provide various security trails and materials in a timely manner.
In addition to the direct compliance support activities as mentioned above, a wide range of support activities are performed, such as designing its internal services in consideration of the "self-security review (Article 36 of the Regulation on Supervision of Electronic Financial Activities)", which is expected to be performed in conjunction with the cloud usage activities by financial companies.

Support for financial sector cloud computing service usage guide compliance activities

In addition to the CSP review, financial companies are required to comply with the Regulation on Supervision of Electronic Financial Activities and cloud-related guides (such as additional protection measures in financial sector). For this, clear support and cooperation system from the CSP is essential.
NAVER Cloud effectively responds to cooperation requests from the Financial Services Commission, Financial Supervisory Service, and Computer Security Incident Response Agency, and immediately notifies financial companies and the Computer Security Incident Response Agency while taking responsive measures in the event of a computer failure or electronic trespass. As such, NAVER Cloud has a practical support system for effective compliance of the overall financial sector cloud computing service usage guide.

Support for exit strategy and data destruction according to guidance of financial authorities

NAVER Cloud actively cooperates in procedures related to financial companies' cloud service conversion and termination in accordance with the guidance of the financial authorities. Backup and data transfer services are provides for customers to migrate their existing cloud service usage data while maintaining business continuity, and sufficient time is provided for data transfers of financial customers through flexible mutual agreements.
In addition, the destruction procedure and methods are provided to prevent recovery when deleting data after the exit strategy in enacted. Financial customers can receive a clear confirmation of information destruction status through the "data destruction confirmation."