Despite Information Security Certification, Hacking Incidents Continue: "Snapshot Approach Limitations Must Be Overcome"
ISMS and ISMS-P System Improvement Meeting
Discussions on Expanding Mandatory Certification and System Restructuring
"To restore trust in the certification system, we must overcome the limitations of the snapshot approach, which assesses the status at a single point in time with just one review."
Song Kyunghui, Chairperson of the Personal Information Protection Commission, made this statement at the "Information Security and Personal Information Protection Management System (ISMS·ISMS-P) System Improvement Meeting" held on March 12, 2026, at the HJ Business Center in Gwanghwamun, Seoul. She emphasized, "It is not enough to be satisfied with a certificate issued at the time of the review. We must establish a structure that ensures a certain level of protection measures is continuously maintained."
Ryu Jemyung, Vice Minister of the Ministry of Science and ICT (left), and Song Kyunghui, Chairperson of the Personal Information Protection Commission, are speaking at the "Information Security and Personal Information Protection Management System (ISMS·ISMS-P) System Improvement Meeting" held on the 12th at the HJ Business Center in Gwanghwamun, Seoul. Photo by Noh Kyungjo
She also announced plans to "introduce a preliminary review process to assess companies' preparedness for core certification criteria in advance, and to strengthen both system-based and on-site implementation reviews." In addition, she stated that the post-certification management system will be further developed to ensure that companies continue their information protection efforts after obtaining certification.
The ISMS·ISMS-P certification is a system for verifying whether the information security and personal information protection frameworks that companies and institutions have established and operate are appropriate. Through ISMS·ISMS-P certification, companies and institutions identify their information assets, systematize the flow of personal information processing, and manage potential security risks. However, recent incidents of personal information leaks at certified telecom companies and large platforms have led to calls for comprehensive measures to enhance the effectiveness of the certification system.
In response, the government has decided to incorporate on-site feedback and establish and announce the "Measures to Enhance the Effectiveness of Information Security and Personal Information Protection Certification." On this day, around 20 people attended the meeting, including Chairperson Song; Ryu Jemyung, Vice Minister of the Ministry of Science and ICT; representatives from certification institutions such as the Korea Internet & Security Agency and Financial Security Institute; auditing bodies such as the Telecommunications Technology Association, Korea Information & Communication Promotion Association, Personal Information Protection Association, Next Generation Information Security Certification Institute, Korea Management Certification Institute; certification auditors; and experts recommended by certification institutions.
The government introduced policy directions aimed at strengthening the effectiveness of the certification system. Specifically, it mentioned: ▲expanding the range of mandatory certification subjects and tightening certification standards; ▲reforming the review process, including introducing preliminary reviews and applying technology-based and field demonstration reviews; ▲enhancing post-certification management to prevent data breaches; and ▲improving the quality of reviews through stricter supervision of review organizations and raising the expertise of auditors.
Participants evaluated these policy directions as timely approaches to address the rapidly changing technological environment, such as the advancement of artificial intelligence (AI) and increased sophistication of hacking techniques. They also provided opinions on detailed considerations to ensure that improvements such as strengthened technology-based reviews can be effectively implemented in the field. In particular, they suggested that institutional enhancements, such as preparing technical review guidelines, are necessary to ensure consistency in reviews, and that policies such as proactive monitoring of review organizations and improving auditor participation requirements are needed to improve overall review quality.
Vice Minister Ryu stated, "As both major and minor security incidents continue to occur frequently, fundamental questions have been raised about the effectiveness of the certification system. (By analogy to health), we want to examine whether the certification system is faithfully fulfilling its role in safeguarding health through regular checkups." He added, "A bill to amend the Information and Communications Network Act to secure the effectiveness of the certification system is expected to pass the plenary session of the National Assembly. I hope this opportunity will serve as a catalyst for further advancing the level of information protection in our country."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.