네이게이션으로 바로가기 본문으로 바로가기

Information Security

NHN making its best effort to comply with relevant laws such as the Personal Information Security Act and to protect user privacy. In our journey to create a better world with technology, NHN puts the protection of users' personal information as the top priority.

Information Security Promotion System

Information Security Policy

NHN has established and is operating an information security policy framework specialized for employee duties and checks compliance at least once a year and inspects feasibility of the framework. We also establish, disclose, and update the personal information processing policy for each service for any users to check the status of their personal information processing at any time.

  • Policy Information security
    Policy

    To express the importance of information security and Commitment of the management

  • Guidelines Company / Task-specific Information Security Guidelines

    Definition of information security principles according to company standards and duties

  • Detailed Guidelines Detailed Standards and Guidelines

    Provide specific standards and guidelines

Information Security Organization

NHN operates a more professional and advanced company-wide information Security management system by separating the IT security and security policies including Privacy. We hold the Information Security Committee, composed of key officials, at least twice a year to discuss and make decisions regarding major issues such as policy changes. In addition, the Information Security Policy Committee, convened by CISO, CPO and CIO, is held every month in order to closely and quickly respond to security issues that may arise time to time.

CEO
  • Information Protection Committee
  • IT Security Center Director
    • IT Infra/Cloud Security
    • Data Security
    • CERT
  • CISO / CPO
    • Information Security
    • Privacy Policy & Protection
    • Information leakage response
  • CIO
    • IT Governance
Information Security Policy Committee
Back to topTOP

Information Security Activities

In-house Information Security Campaign

In order to raise employees' information security awareness and encourage their participation in information security activities, NHN conducts various events such as sending monthly letter on security compliance, holding quiz events and a campaign to discard unnecessary personal information. We have hosted company-wide information security campaigns that are trendy every year, such as ‘Oh! Security Game’ in 2021 and ‘Wise Security Life’ in 2020, attracting much attention and active participation from its employees. The ‘Security Bug Bounty’ campaign held to encourage members to report information security vulnerabilities discovered while performing work, takes place twice a year. Thanks to the campaign, a total of 6 major vulnerabilities were discovered and improved over the past two years.

Cyber Crisis Response Mock Training

At least once a year, the Korea Internet & Security Agency (KISA) conducts intrusion accident mock training where we participate and NHN also executes APT mock training twice a year on its own. We are also strengthening our capabilities to respond quickly and minimize damage to users and the company in the event of a personal information leakage through preparing ourselves with a mock training every year.

Back to topTOP

Information Security Certification

NHN has obtained certifications for information security system and service stability from domestic and foreign reputable certification organizations. We spare no effort to check, manage, and operate internal systems, such as receiving verification on the personal information and information security systems from specialized national agencies.

  • ISMS-P

    The highest level of authoritative domestic certification system of information
    security and personal information security in South Korea

    ISMS-P(Information Security and Personal Information Security Management System) is
    a certification system that awards a company who achieves a certain degree of
    performance in the systematic and persistent activities in terms of information security
    and personal information security. NHN has been annually audited for its system of
    information security and personal information security subject to the certification of ISMS
    (Information Security Management System) and PIMS (Personal Information Security
    Management System), which were obtained in September 2013, and the recently
    integrated certification of ISMS-P as of November 2019.

    • Certified service
      • ISMS-P
        • NHN - Operation of external online services (game, content, IoT, e-commerce)
        • NHN Cloud - NHN Cloud services
        • NHN Dooray - Collaboration service, groupware, ERP(Enterprise resource planning), digital tax invoice services
      • ISMS
        • NHN Cloud - NHN Cloud Center (IDC)
    • Valid period
      • NHN - 2022.11.27 ~ 2025.11.26
      • NHN Cloud - 2022.11.16 ~ 2025.11.15
      • NHN Dooray - 2022.11.16 ~ 2025.11.15
    ISMS-P

  • ISO/IEC 27001, 27701, 29100

    International Standard for Information Security and Privacy Management
    System and Privacy Framework

    NHN has acquired international standard certificate ISO/IEC 27001, which is for information security management system published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), and international standard certificate ISO/IEC 2770 for the global privacy information management system. It meets global privacy requirements such as the EU GDPR. NHN has also acquired ISO/IEC 29100 which is international standard certificate required for establishing and operating global privacy framework.

    • Certified service
        • NHN - The provision of entertainment, e-commerce, content
          service and IoT(Internet of Things) services.
        • NHN Cloud - The provision of NHN cloud services for public,
          finance, governmental and medical business services.
        • NHN Dooray - The provision of collaboration service, groupware,
          ERP(Enterprise resource planning), digital tax invoice services.
    • Valid period
      2021.06.17 ~ 2024.06.16
    ISO/IEC 27001, 27701, 29100

  • ISO/IEC 27017, 27018, 27799

    International Standard for Cloud Service Information Security and Privacy, Health Information Security

    NHN has acquired international standard certificate ISO/IEC 27017 and ISO/IEC 27018, which is for information security and privacy security, specialized for cloud services, and ISO/IEC 27799, which is international standard certificate for health information security of cloud services.

    • Certified service
        • NHN Cloud - The provision of NHN cloud services for public,
          finance, governmental and medical business services.
        • NHN Dooray - The provision of collaboration service, groupware,
          ERP(Enterprise resource planning),digital tax invoice services.
    • Valid period
      2021.06.17 ~ 2024.06.16
    ISO/IEC 27017, 27018

  • ISO/IEC 22301

    International Standard for Business continuity management system

    ISO/IEC 22301 is international standard certificate for Business continuity management
    system. NHN Cloud has acquired ISO/IEC 22301, and audited for its business continuity
    management for IaaS Services of NHN Cloud, which were obtained in July 2022.

    • Certified service
      NHN Cloud - The provision of NHN cloud services for public,
      finance, governmental and medical business services.
    • Valid period
      2022.07.14 ~ 2025.07.13
    ISO/IEC 22301

  • CSAP(Cloud Security Assurance Program) Certification [IaaS, SaaS,
    PaaS]

    Information security management system evaluation and certification for
    providing safe cloud services to governmental

    The Cloud Security Assurance Program is a program that reviews whether a service
    provided by a cloud service provider complies with the information security standards
    under Article 23 Paragraph 2 of the Cloud Computing Development and User Protection
    Act of Korea and grants certifications to companies that satisfy certain minimum
    standards. NHN Cloud Corporation acquired the certification for IaaS in December 2017,
    SaaS in December 2019, PaaS in June 2021 and has its cloud service security systems
    regularly certified through strict verification procedures every year.

    • IaaS Certified service
      NHN Cloud (for public institutions)
    • IaaS Valid period
      2022.12.13 ~ 2027.12.12
    • SaaS Certified service
      Dooray!
    • SaaS Valid period
      2019.12.18 ~ 2024.12.17
    • PaaS Certified service
      NHN Cloud PaaS-TA
    • PaaS Valid period
      2021.06.09 ~ 2026.06.08
    CSAP

  • CSA STAR

    International Cloud Service Information Security Certification by CSA
    (Cloud Security Aliance)

    CSA STAR certification is an international cloud service information security certification
    hosted by the US Cloud Security Alliance (CSA). It assesses the effectiveness and
    maturity of security controls through the Cloud Control Matrix and grants a certification
    called STAR (Security, Trust & Assurance, Registry). NHN Cloud has obtained the CSA
    Star Certification for IaaS, PaaS, and SaaS of NHN Cloud service and is certified for
    maintaining the maturity of Gold Level.

    • Certified service
      NHN cloud service for public, financial, governmental and medical
      IaaS service. The provision of collaboration service, groupware,
      ERP(enterprise resource planning) service for public, financial,
      governmental and medical SaaS service from NHN Dooray.
    • Valid period
      2022.07.12 ~ 2025.07.11
    CSA STAR
Back to topTOP