Achieve Korea Personal Information and Information Security Management System Compliance

Thales offers integrated solutions that enable organisations to address the ISMS-P in Korea.

Korea Personal Information and Information Security Management System (ISMS-P)

APAC

In November 2018, the Korean Ministry of Science and ICT (MSIT), Korea Communications Commission, and Ministry of the Interior and Safety merged the Information Security Management System (ISMS) and the Korea-Personal Information Management System (PIMS) into a new certification system – Personal Information and Information Security Management System (ISMS-P).

The goal of integrating these two systems is to:

  • Echo the recent trends in integrating information security and the protection of personal information
  • Strengthen the links between these systems
  • Reduce the compliance burden on organisations due to the considerable overlap of requirements

With extensive experience helping organisations meet compliance mandates, Thales offers integrated solutions that enable your organisation to address the Personal Information and Information Security Management System (ISMS-P).

The Korean Personal Information and Information Security Management System (ISMS-P) is an information security and personal information management standard created by the Korea Internet & Security Agency (KISA). Compliance with this standard is mandated by the Personal Information Protection Act and “Act on Promotion of Information and Communications Network Utilisation and Information Protection” as it is designed to help organisations in Korea protect their information assets.

Instead of 104 K-ISMS controls and 82 K-PIMS controls, ISMS-P, the new consolidated certification, has 80 controls related to information security and 22 controls related to the protection of personal information.

80 controls related to information security

  • Establishment and operation of management system [16]
  • Requirements for protection measures [64]

22 controls related to the protection of personal information

  • Requirements of each step of personal information processing [22]

Thales enables organisations in Korea to address the requirements of the Korean Personal Information and Information Security Management System (ISMS-P).

Protection of cryptographic keys

Luna HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption, and more. Available in three FIPS 140-2 certified form factors, Luna HSMs support a variety of deployment scenarios.

Key Management

CipherTrust Manager enables you to centrally manage keys for all CipherTrust Data Security Platform products, and securely store and inventory keys and certificates for third-party devices — including IBM Security Guardium Data Encryption, Microsoft SQL TDE, Oracle TDE, and KMIP-compliant encryption products.

CipherTrust Tokenisation with Dynamic Data Masking

CipherTrust Tokenisation offers application-level tokenisation services in two convenient solutions that deliver complete customer flexibility.

Recommended resources

Obtaining Korea's Personal Information and Information Security Management System (ISMS-P) Certification

Achieve Korea Personal Information and Information Security Management System (ISMS-P) Compliance - Compliance Brief

With extensive experience helping organizations meet compliance mandates, Thales offers integrated solutions that enable your organization to address the Personal Information and Information Security Management System (ISMS-P).

Data Security Compliance and Regulations - eBook

This ebook shows how Thales data security solutions enable you to meet global compliance and data privacy requirements, including GDPR, Schrems II, PCI-DSS and data breach notification laws.

The Key Pillars for Protecting Sensitive Data in Any Organization - White Paper

Traditionally organizations have focused IT security primarily on perimeter defense, building walls to block external threats from entering the network. However, with today’s proliferation of data, evolving global and regional privacy regulations, growth of cloud adoption, and...

Other key data protection and security regulations

GDPR

Regulation
Active Now

Perhaps the most comprehensive data privacy standard to date, GDPR affects any organisation that processes the personal data of EU citizens - regardless of where the organisation is headquartered.

PCI DSS

Mandate
Active Now

Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.

Data Breach Notification Laws

Regulation
Active Now

Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbour” clause.