Microsoft Azure obtains Korea-Information Security Management System (K-ISMS) certification
By David Burt, Senior Compliance Manager, Azure Trust and Compliance
Microsoft helps organizations all over the world comply with national, regional, and industry-specific regulatory requirements. These requirements are aimed at securing and protecting the data of individuals, establishments, and critical technology infrastructures. Azure meets the broadest set of international and industry-specific compliance standards, and we’ve added another country-specific compliance offering to our extensive portfolio with the K-ISMS.
The K-ISMS certification was introduced by the Korea Internet and Security Agency (KISA) and is designed to ensure the security and privacy of data in the region through a stringent set of control requirements. Achieving this certification means Azure customers in South Korea can more easily demonstrate adherence to local legal requirements for protection of key digital information assets and meet KISA compliance standards.
KISA established the K-ISMS to safeguard the information technology infrastructure within Korea. This helps organizations implement and operate information security management systems that facilitate effective risk management and enable them to apply best practice security measures.
This framework is built on successful information security strategies and policies, as well as security countermeasures and threat response procedures to minimize the impact of any security breaches. These requirements have a significant overlap with ISO27001/2 control objectives but are not identical.
The K-ISMS certification is overseen by the Korean Ministry of Science and Information Technology (MSIT) and is authorized and governed by Article 47 of the country’s Network Act. To obtain it, a company must undergo an assessment by an auditor that covers both management processes and data security procedures and evaluates one hundred and four criteria. Some of these include examination of the organization’s security management responsibilities, security policies, security training, incident response, risk management, and more. A special committee examines the results of the audit and grants the certification.
Microsoft is the industry leader in proactively pursuing international, national, and industry certifications and attestations. As a result, Azure is uniquely positioned to help you meet your compliance obligations, regardless of the industry or geographic location in which your organization does business.
Learn more about Microsoft’s compliance offerings by visiting the Microsoft Trust Center.