NAVER CLOUD PLATFORM

For Platform 2.0 Only

Compliance Guide Update

고객이 보안 인증이나 규제에 대응하는 데 필요한 사항들을 알기 쉽게 정리한 가이드를 제공합니다.

Helpful Response to Security Authentications

The Compliance Guide provides information on certificates and related documents owned by NAVER CLOUD PLATFORM to help you gain security certification. You can find beneficial information, such as which control items are released or additional actions required by you when using the NAVER CLOUD PLATFORM service.

Security Certificates and Guide Documents
Security certificates owned by the NAVER CLOUD PLATFORM are provided. You can use the certificates as evidentiary documents when you are still in the process of applying for security certifications. Other helpful documents are provided to help you acquire the certification.
Guide on Roles of Cloud Service Provider and Customer
We provide information on your responsibilities and the cloud service provider, such as NBP, when preparing for the security certification. You can also check the combined responsibilities of you and NBP on each certification guide.
Guide on Required Products for Certification and Compliance
We provide information on how you can meet security certificates or compliance using various services of the NAVER CLOUD PLATFORM. We also provide information on products that need to follow the certification standards so you take appropriate measures for security certification.

Detailed Features

NAVER CLOUD PLATFORM Certificates and Documents Provided via the Compliance Guide

Security CertificatesFirst Acquisition DateProvided Documents
KISA ISMS2013. 9. 13 • Certification
• Responsibility Matrix
KISA PIMS2013. 9. 13 • Certification
• Responsibility Matrix
PCI DSS2015. 9. 30 • Certification
• Responsibility Matrix
• AOC (Attestation of Compliance)
ISO 270012010. 11. 26• Certification
ISO 270172016. 7. 29• Certification
ISO 270182016. 7. 30• Certification
CSA STAR2017. 2. 10• Certification
CSAP2017. 2. 24• Certification
SOC 2, 32017. 1. 26• Report

Coverage: Easy Checking of Required Details

You can use the Coverage feature of the Compliance Guide to identify the responsibilities of the customer and the service provider to apply control items in accordance to the certification standard.

In order to prepare for the security certification, an understanding of the certification standard is essential. You must first evaluate the conditions of your service environment and identify any parts that are not in compliance to the certification standards to adjust and manage control items for certification.

If you are using a cloud environment, you must clearly distinguish between your responsibilities and the responsibilities of the cloud service provider. The two responsibilities are separate due to the characteristics of a cloud service. This is the main difference with preparing a security certification for an on-premise environment.
Client CSP
Cloud LayerService Models
IaaSPaaSSaaS
Data
Interfaces (APIs, GUIs)
Applications
Solution Stack (Programming languages)
Operating Systems (OS)
Virtual Machines
Virtual network infrastructure
Hypervisors
Processing and Memory
Data Storage (hard drives, removable disks, backups, etc.)
Network (interfaces and devices, communications infrastructure)
Physical facilities/data centers
You must apply security controls on the components of your responsibility to meet the certification standard. The component adjustments on cloud that cannot be performed by you can be done by the cloud service provider, which owns the security certification.

The cloud service supports basic functions. However, you must be aware of the shared responsibility for the components where you implement controls by setting up a policy.

Product: The Cloud Product Guide for Security Certification

The Product feature of the Compliance Guide shows which products of the NAVER CLOUD PLATFORM satisfy the security standards. It also provides a guideline on compliance and measures when using the NAVER CLOUD PLATFORM products to comply with security standards.

You can use this feature to easily find the product you need for security compliance and prepare a product introduction plan.

This service is free of charge.

Was this page helpful?

Please share your opinion and any suggestions for us.
0/5000
Please enter content.
Send Opinion