Information Security Certification

NAVER Cloud Platform continues to strive for the highest level of security,
and our effort to observe compliance has been verified by several domestic and international certification authorities.


  • ISO/IEC 27001, 27017, 27018, 27701, 27799, and 22301 Certifications

    Global Certification of Information Security Management System/Information Security for Cloud Services,
    [Scope of certification] For IT platform services and operation of the GAK data center.

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is ISO/IEC 27001 certification? (International standard on information security management system)
    ISO/IEC 27001 is a certification is achieved by conforming to the guidelines of the ISO/IEC 27001 standard for information security management systems. It certifies that the overall security standard of the NAVER CLOUD PLATFORM was recognized in the international standard.
    What is ISO/IEC 27017 certification? (International standard on information security management system in the cloud service)
    Established in 2015, the ISO/IEC 27017 standard provides guidelines for information security controls applied to cloud services and cloud service providers. Certification is achieved by conforming to guidelines for information security policies, information security organization, personnel security, asset management, access control, encryption, operation, communication security, system development security, supply chain management, information security incident control, compliance controls, and additional security controls required for cloud service providers.
    What is ISO/IEC 27018 certification? (International standard on protection of personal data in the cloud service)
    Established in 2014, the ISO/IEC 27018 standard provides guidelines for protecting personally-identifiable information stored in the public cloud. Certification is achieved by conforming to the standard.
    What is ISO/IEC 27701 certification? (International standard of personal information management system)
    ISO/IEC 27701 is an international standard in personal information protection, and refers to requirements and guidelines for the protection of personally identifiable information (PII), as well as establishment, implementation, maintenance and continuous improvement of personal information management system.
    What is ISO/IEC 27799 certification? (International standard on protection of medical data)
    As an international standard certification of the information security management system for medical service or medical information processing organizations to build and operate a medical information protection management system, ISO/IEC 27799 can contribute to the protecting customer's personal medical information using the NAVER CLOUD PLATFORM service.
    What is ISO/IEC 22301 certification? (International standard of the business continuity management)
    ISO/IEC 22301 is an international standard for Business Continuity Management (BCM), which means that the service continuity of the NAVER CLOUD PLATFORM's service verified at an international standard.
    [NAVER CLOUD PLATFORM's Certification Status]
    NAVER Cloud obtained ISO/IEC 27001 certification for the IT platform service in 2010. We maintain this certification through strict audits to ensure the integrity of our information security control system.
    Obtaining additional ISO/IEC 22301, 27017, 27018, 27701, and 27799 certifications demonstrates our commitment to providing a stable, reliable cloud service and our dedication to protecting our users’ personal information.
  • SOC 1, 2, 3 certification

    Internal control auditing for providing and operating secured services
    [Scope of certification] NAVER CLOUD PLATFORM

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is the Service Organization Control (SOC) certificate?
    As an audit designed to increase the credibility of services and service organizations, it is internationally regarded as a very strict and reliable certificate. The SOC 1 report, following the SSAE 18 certificate standards established by the AICPA (The American Institute of Certified Public Accountants), details the results of whether the user organization's ICFR-related (Internal Control over Financial Reporting) services are appropriately designed and effectively operated to be fit for control. The SOC 2 and SOC 3 reports contain results of whether organization and service-related procedures of businesses that provide security, availability, processing integrity, confidentiality, and personal information privacy-related services are well-managed and reliable. Not only do organizations need to have appropriate internal control protocols regarding safe provision of services and operations, but the protocols must be verified to have been implemented or are in no violation to be issued an certificate. SOC certificate means a business is implemented and operating at a global-level of internal control, and the certification details are issued in the form of an audit report.
    What is the Service Organization Control (SOC) 1 certificate?
    The SOC 1 report details the results of the adequacy of financial reporting control. Results of the details that confirm whether a user organization's ICFR-related services are appropriately designed and effectively operated to be fit for control.
    What is the Service Organization Control (SOC) 2 certificate?
    The SOC 2 report details the results of the adequacy of a service's security controls. Service organizations' management and user businesses can use this report to examine the internal security controls regarding a company's operations.
    What is the Service Organization Control (SOC) 3 certificate?
    The SOC 3 report is a version of the SOC 2 report that is made to be disclosed to the public. The SOC certificate is an audit designed to increase the credibility of services and service organizations. It is internationally regarded as a very strict and reliable certificate.
    [NAVER CLOUD PLATFORM's Certification Status]
    NAVER Cloud Corp. receives the SOC 1 certificate regarding the adequacy of a user organization's ICFR-related services. It also has the SOC 2 and SOC 3 certificates that verify the stability of service and the reliability of the service organization. The platform has passed a strict audit process that is focused on the protection of user data, and these certificates recognize that NAVER Cloud Corp.'s personal information management system and internal processes meet or exceed international standards. The NAVER Cloud Corp.'s SOC 3 report details how our internal controls ensure security and privacy for our users.

    ※ The SOC 1 and SOC 2 certificate reports can only be disclosed to a limited audience for the sake of fulfilling their purpose. Therefore, they are not disclosed to the public.
  • CSA STAR Certification

    A global security certification that quantitatively measures the level of cloud service ability.
    [Scope of certification] NAVER CLOUD PLATFORM/NAVER CLOUD PLATFORM - G

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is CSA STAR certification?
    The Cloud Security Alliance (CSA) issues the Security, Trust, and Assurance Registry (STAR) certification through the Cloud Control Matrix (CCM), which is designed to provide fundamental security principles to guide cloud service providers. CCM v.3.01 defines 133 control items organized into 16 domains. In addition to evaluating whether control requirements have been met, it also determines the maturity of an organization and its processes and produces a scorecard. Certification is only achieved after an organization passes a rigorous evaluation, which provides an objective, third-party assurance that the service provider’s cloud security controls are effective.
    [NAVER CLOUD PLATFORM's Certification Status]
    First among the cloud service providers in Korea, the NAVER CLOUD PLATFORM and NAVER CLOUD PLATFORM[Public Inst] services successfully completed auditing for the CSA STAR certification and received confirmation of having satisfied standard requirements of the British Standards Institution (BSI) as well.
  • PCIDSS Certification

    An international data security standard verification for safe payment information protection.
    [Scope of certification] NAVER Cloud Inc., an IT inter-platform operation service

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is PCIDSS Certification?
    The Payment Card Industry Data Security (PCIDSS) Certification is an international data security standard developed to foster and promote data security for credit card owners and to promote widespread adoption of consistent data security processes. Major credit card companies like VISA, MasterCard, Amex, JCB, and Diners Club are certified by the Payment Card Industry Security Standard Council (PCISSC), which was established to audit and certify service providers.
    [NAVER CLOUD PLATFORM's Certification Status]
    In 2016, the NAVER Cloud obtained PCIDSS certification in 11 areas, including Applications & Software, Hardware, and Infrastructure & Network, by passing rigorous audits.
  • ISMS-P / ISMS Certification

    Personal information and Information Security Management System Certification / Information Security Management System Certification
    [Certification scope]
    ISMS-P: Maintenance and Operation of NAVER CLOUD PLATFORM Service
    ISMS: Maintenance and Operation of IT Platform Service and Internet Data Center
    [Validity period]
    ISMS-P : 2023.10.05 ~ 2026.10.04
    ISMS : 2023.12.16 ~ 2026.12.15

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is ISMS-P certification?
    The ISMS-P certification proves the adequacy of a series of measures and actions to protect information and personal information in accordance with the certification criteria, which can be provided by the Korea Internet Security Agency or other certification institutes. It can serve as the standard to decide whether a company continues its efforts to secure internal information, whether an adequate level of information security is maintained, and whether the company’s information security management system conforms to the standards set forth by laws and regulations.
    [NAVER CLOUD PLATFORM's Certification Status]
    The ISMS certification proves the adequacy of a series of measures and actions to protect information in accordance with the certification criteria, which can be provided by the Korea Internet Security Agency or other certification institutes. It can serve as the standard to decide whether a company continues its efforts to secure internal information, whether an adequate level of information security is maintained, and whether the company’s information security management system conforms to the standards set forth by laws and regulations.

    While the ISMS-P certification includes the security of personal information in its scope, the ISMS certification only focuses on general information security. NAVER CLOUD PLATFORM’s personal information security practices are within the scope of the ISMS-P certification.
    [NAVER CLOUD PLATFORM's Certification Status]
    NAVER Cloud Corp. obtained the ISMS certification in 2010, and the PIMS certification in 2013, and has maintained an outstanding level of personal information and information security management system, keeping the certifications updated ever since. The latest update includes the newly updated ISMS-P certification in 2019.
  • CSAP Certification [IaaS, SaaS, DaaS]

    Certification of information protection levels for cloud services
    [Scope of IaaS certification] NAVER CLOUD PLATFORM (for public institutions)
    [Scope of SaaS certification] System Security Checker / Web Security Checker / Security Monitoring / NAVER WORKS / Webshell Behavior Detector
    [DaaS certification scope] Cloud Desktop

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is the Cloud Security Assurance Program (CSAP) IaaS?
    CSAP is a certification of an organization's compliance with the "Notification of criteria of cloud computing service information protection" requirements issued by the Ministry of Science and ICT. This certification demonstrates that an organization can provide proven stable and reliable cloud services to the public.
    What is the Cloud Security Assurance Program (CSAP) SaaS?
    As a new certification system of 2018 to apply by extending the scope of CSAP IaaS to SaaS, the NAVER CLOUD PLATFORM's SaaS also demonstrates high stability and reliability that can be supplied to public institutions.
    [Certification for the first time in Korea]
    What is Cloud Service Assurance Program (CSAP) DaaS?
    It is a certification for desktops-as-a-service provided by cloud services, consisting of 110 control items in 14 areas with administrative, physical, and technical protective measures, as well as additional protective measures for public organizations.
    [NAVER CLOUD PLATFORM's Certification Status]
    The NAVER Cloud underwent an audit for the administrative, physical and technical protection measures for 14 criteria, 117 were control items, and 217 detailed check items. Korea Internet and Security Agency (KISA) certified the NAVER Cloud in all 217 items.

    The NAVER CLOUD PLATFORM IaaS underwent an audit for the administrative, physical, and technical protection measures that covered 14 criteria, among which, 117 were control items. Korea Internet and Security Agency (KISA) certified the NAVER Cloud all 217 items.
    System Security Checker and Web Security Checker, Security Monitoring–the NAVER Cloud SaaS–have also obtained certification the same way. We are also planning to acquire certifications for other SaaS products as well.
    NAVER Cloud Platform's Cloud Desktop has been verified by KISA as compliant with 110 control items, having been validated for both resource management efficiency and security of DaaS.
  • MTCS Certification

    Standardized global cloud computing multi-tier security system
    [Range of certification] NAVER Cloud Platform and NAVER Cloud Platform financial institutions

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    About MTCS (Multi-Tier Cloud Security) certification
    MTCS (Multi-Tier Cloud Security) is a standardized cloud computing multi-tier security system providing certification services developed by IDA (Infocomm Development Authority of Singapore) and ITSC (Information Technology Standards Committee).
    Based on the international standard such as ISO/IEC 27001, the MTCS (SS 584:2015) for Singapore is the world's first multi-tier cloud security standard guaranteeing strict observance of the following contents under control categories.
    CategoryControl Category
    Cloud Governance Information security management, Human resources, Risk management, Third party, Legal and compliance, Incident management, Data governance
    Cloud infrastructure security Audit logging and monitoring, Secure configuration, Encryption, Security testing and monitoring, System acquisitions and development
    Cloud operations management Physical and environmental, Operations, Change management, Business continuity planning (BCP) and disaster recovery (DR)
    Cloud services administrationCloud services administration
    Cloud user accessCloud user access
    Tenancy and customer isolationTenancy and customer isolation
    MTCS comprises three security levels; from level 1, which provides the basic security, to level 3, which has the capability and maturity to make up for or solve security threats in influential information systems used in the control target organizations with specific matters, such as confidential business data, financial records, medical records, etc.
    [NAVER CLOUD PLATFORM's Certification Status]
    NAVER Cloud Corp. is Korea's first corporation to have obtained the tightest security at the Security Level 3 certification in July 2021. Certifier MTCS strictly evaluated our company on three service categories, which are IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service) of NAVER Cloud Platform.
  • CBPR certification

    Certification of personal information protection management systems to transfer personal information among APEC member countries
    [Certification scope]
    Data of individual and corporate customers in NAVER Cloud Platform's services (private, financial, and public) and data of customers using MYBOX (paid-up members) service

    IntroduceUse of compliance guide

    You can download the certificates from the Compliance Guide Service Console page after logging in.

    What is CBPR certification?
    APEC CBPR certification is global personal information protection certification developed to support free and safe transfer of personal information and facilitation of electronic commerce among member countries. 9 countries, including Korea, United States, Japan, and Singapore, are included in the certification, and the certification validates the competency in transferring personal information overseas and processing it.
    [NAVER Cloud Platform's certification management status]
    NAVER Cloud Corp. has acquired the first CBPR certification amongst Korean CSP companies. Based on 9 APEC privacy principles, our personal information management system's safety and reliability have been validated for paid services in NAVER Cloud Platform and MYBOX.