Korea Information Security Management System
Overview
[Scope of Certification] Operation of infrastructure of Amazon Web Services (AWS) Seoul region (excluded physical infrastructure not audited)
[Period of Validity] 2023.12.16 ~ 2026.12.15
Amazon Web Services (AWS) is the first global cloud service provider to achieve the Korea-Information Security Management System (K-ISMS) certification. This certification helps enterprises and organizations across Korea to meet compliance requirements more effectively, and accelerate business transformation using the best-in-class technology delivered from the highly secure and reliable AWS Cloud.
Korea Information Security Management System (K-ISMS) is a Korean government-backed certification sponsored by Korea Internet and Security Agency (KISA) and affiliated with the Korean Ministry of Science and ICT (MSIT).
K-ISMS was introduced in 2002 to meet local legal requirements and ICT environment in Korea based on Article 47 (ISMS certification) in Act on Promotion of Information Communications Network Utilization and Information Protection. K-ISMS serves as a standard for evaluating whether enterprises and organizations operate and manage their information security management systems consistently and securely such that they thoroughly protect their information assets.
With this certification, enterprises and organizations in Korea that need the K-ISMS certification can use the work that AWS has done to reduce the time and cost of getting their own certification.
AWS services in scope for the K-ISMS certification can be found at AWS Services in Scope by Compliance Program. If you would like to learn more about using these services and/or have interest in other services please contact us.
K-ISMS Customer Testimonials
We have been closely working with AWS to accelerate our digital transformation while complying with the government’s financial services regulations. We believe the K-ISMS certification that AWS has become the first global cloud service provider to achieve, is the result of the company’s continuous effort to address considerations about cloud security adoption for some major industries including finance. We will continue to work closely with AWS to accelerate our decision making, and reduce IT costs as well as gain meaningful insights, thereby creating differentiated customer value.
SHINHAN FINANCIAL GROUP
The importance of information security is emphasized more than ever before, and I believe that the education sector is responsible for safely managing important information relating to schools and students. As AWS has now achieved K-ISMS certification, this will be a great opportunity for the education sector to enable cost-effective cloud services that will not only reduce the cost and effort of IT infrastructure management, but also help us to effectively fulfill the government’s requirements for information security and compliance.
KOREA UNIVERSITY
AWS cloud services deliver outstanding reliability and scalability, and have helped us speed up time-to-market and provide our customers with a better user experience. AWS has continued to address the information security requirements of Korean customers and the Korean government and has now become the first global cloud service provider to achieve the K-ISMS certification. This achievement demonstrates that AWS places top priority on security along with excellent services.
TMON
We welcome that AWS has achieved the K-ISMS certification. It reinforced for us that AWS is a highly trusted adviser in achieving our future vision and business success. AWS’certification demonstrates that the company leads other global cloud service providers to provide a high level of security and meet the local compliance requirements. AWS' proven cloud services enable us to focus more on our core business by reducing compliance burdens on infrastructure management.
NEOWIZ
-
What is an ISMS?
An Information Security Management System (ISMS) is a comprehensive set of frameworks that contain policies and procedures to systematically and continuously protect sensitive data from various threats.
-
What is the K-ISMS certification?
Korea Information Security Management System (K-ISMS) is a certification system to assess if an enterprise's or organization's information security management system is properly established, managed and operated.
-
What is the legal background of the K-ISMS certification?
The legal background is provided in Article 47 (ISMS Certification) in "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.".
-
Who performs the independent third-party audit of AWS for the K-ISMS certification?
As per Article 47 (ISMS Certification) in "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.", the Korea Internet & Security Agency (KISA) or an assessment body appointed by the Ministry of Science and ICT (MSIT) conducts a certification audit.
-
Who must obtain the K-ISMS certification?
There are compulsory and voluntary applicants. Compulsory applicants may include certain: (1) Internet Service Providers (ISP), (2) Internet Data Centers (IDC), (3) general hospitals, (4) educational institutions and (5) Internet communications service providers. Please review the KISA website for more details regarding the applicable criteria. Voluntary subjects may voluntarily apply for a K-ISMS certification. AWS obtained K-ISMS certification in December 2017 as a voluntary subject.
-
What is the benefit of the K-ISMS certification?
By implementing systematic and comprehensive information security measures instead of one-time adhoc information security measures, the level of information security management of enterprises and organizations may be improved. Enterprises and organizations can respond swiftly in case of incidents such as hacking or DDoS and minimize damage and loss by establishing an information security management system.
-
How can I get a list of K-ISMS certified companies?
Korea Internet & Security Agency (KISA) provides a list of K-ISMS certified enterprises and organizations via its website.
-
Which regions are covered by the AWS K-ISMS certification?
Asia Pacific (Seoul) Region and the AWS Edge Location located in Seoul, South Korea
-
Which AWS services are in scope for the AWS K-ISMS?
The covered AWS services that are within the scope of the K-ISMS certification can be found within AWS Services in Scope by Compliance Program. If you would like to learn more about using these services and/or have interest in other services please contact us.
-
How often does the AWS K-ISMS certification audit take place?
AWS' K-ISMS certification is effective for a period of 3 years from the certification date (i.e., December 27, 2017), as long as AWS passes an annual surveillance audit.
-
How does AWS' K-ISMS certification benefit customers seeking to obtain their own K-ISMS certification?
As per the Shared Responsibility Model, AWS' K-ISMS certification demonstrates the "Security of the Cloud," enabling customers to focus their resources on items related to "Security in the Cloud" in connection with their K-ISMS certification process.
-
How do I request a copy of AWS' K-ISMS certificate?
A copy of the AWS K-ISMS certificate is available to customers by using AWS Artifact, a self-service portal for on-demand access to AWS compliance reports. Sign in to AWS Artifact in the AWS Management Console, or learn more at Getting Started with AWS Artifact.
