South Korea will overhaul its Information Security and Personal Information Protection Management System certifications, making ISMS-P mandatory for key personal data processing systems and tightening audit methods. The Ministry of Science and ICT and the Personal Information Protection Commission will introduce a three-tier system: enhanced, standard and simplified certifications. The plan also strengthens on-site verification, technical testing and post-certification monitoring, with some measures applied in the second half of this year and broader changes from 2027.