South Korea: PIPC, KISA, and MSIT announce simplified information protection certification standards

On July 23, 2024, the Ministry of Science and Information Technology (MSIT), the Personal Information Protection Commission (PIPC), and the Korea Internet and Security Agency (KISA) announced the implementation of the 'simple certification of information protection and personal information protection management system', which aims to ease the burden on small and medium-sized businesses (SMEs) seeking to obtain the Information Protection and Personal Information Protection Management System (ISMS and ISMS-P) certification.

What are the ISMS and ISMS-P certifications?

The PIPC stated that the ISMS and ISMS-P certification systems aim to protect key information assets and to certify whether the implemented information protection management system meets certification standards. Organizations that are required to certify include:

  • major information and communication service providers;
  • integrated information and communication facility operators;
  • companies with information and communication service sales of KRW 10 billion (approx. $7.2 million) or more;
  • companies with an average daily number of users of 1 million or more; and
  • some upper-level general hospitals and universities.

Updates to certification criteria

The Information and Communications Network Act was revised to introduce a system that allows SMEs to obtain certification with the help of relaxed standards and costs according to their size and characteristics.

The PIPC mentioned that the simplified certification standards can be applied to:

  • SMEs in the information and communication service sector with sales of less than KRW 30 billion (approx. $21.6 million); and
  • medium-sized businesses in the information and communication service sector with sales of KRW 30 billion (approx. $21.6 million) or more that do not have major information and communication facilities in the company.

The PIPC also highlighted that even companies that meet the qualifications above are excluded from using the simplified certification standards if there is a close impact on the lives of citizens. Lastly, the PIPC stated that the certification fee would be reduced.

You can read the press release, only available in Korean, here.