South Korea's Personal Information Protection Commission and the Ministry of Science and ICT held a field meeting on Thursday, attended by the chair of the data protection watchdog and the ministry's second vice minister, to strengthen the effectiveness of information security and personal data protection management system certification. Participants also included the heads of the Korea Internet & Security Agency and the Financial Security Institute, review bodies and certification auditors.

ISMS and ISMS-P certification assesses whether the information security and personal data protection systems built and operated by companies and institutions are appropriate. It is an integrated certification scheme combining the information security management system overseen by the Ministry of Science and ICT with personal data protection requirements overseen by the Personal Information Protection Commission. The two agencies have cooperated to improve the scheme, including by holding an inter-agency meeting on measures to improve certification on Dec. 6 last year.

As security and personal data leak incidents have occurred at telecom operators and large platform businesses that received ISMS and ISMS-P certification, there is a need to prepare measures to strengthen the scheme's effectiveness. The Personal Information Protection Commission and the Ministry of Science and ICT plan to establish and announce measures to strengthen the effectiveness of information security and personal data protection certification so the ISMS and ISMS-P scheme can function in practice.

At the meeting, the government introduced its policy direction for strengthening the effectiveness of the certification scheme. Proposed measures included expanding the scope of mandatory certification and tightening standards, revamping screening methods by introducing preliminary reviews and applying technical reviews and on-site verification-type assessments, strengthening post-certification management to prevent leak incidents, and improving assessment quality by tightening oversight of review bodies and enhancing auditor expertise.

The Personal Information Protection Commission and the Ministry of Science and ICT plan to announce measures to strengthen the effectiveness of information security and personal data protection certification, reflecting views discussed at the meeting.

Personal Information Protection Commission Chair Song Kyung-hee (송경희) said the ISMS-P certification scheme is an important preventive policy because it helps companies proactively check the personal data protection management systems they operate and prevent infringements of personal information. She said the commission will continue improving the scheme so it can function as infrastructure that meaningfully raises the level of data protection across society by actively reflecting voices from the field.

Ryu Je-myung (류제명), second vice minister at the Ministry of Science and ICT, said cyber attacks are becoming more advanced by the day, increasing the likelihood of security incidents and their ripple effects. He said improvements to the ISMS-P certification scheme would raise corporate awareness and security levels by a step, creating a foundation to prevent harm to the public from security incidents and minimise resulting damage.