To counter security threats to valuable information assets, SSR's Information Security Consulting derives security management solutions and helps clients establish and internalize an effective administrative security system.

| | KISA-ISMS Certification Consulting | ISO27001 Certification Consulting | G-ISMS Certification Consulting | PIMS Certification Consulting |
| --- | --- | --- | --- | --- |
| Description | Provide aid in ensuring systematic and effective management of important security administration according to KISA ISMS standards | Provide support in systematically and effectively managing information security according to ISO27001 standards | Assist in establishing an information security structure suitable for organizations and services such as administrative government branches | Assist in establishing a system that safely manages private data according to the PIMS standard |
| Certification Criteria | 5 Administrative Procedures, 12 Controlling Items | 11 Domains, 133 Controls | 4 Administrative Procedures, 15 Controlling Areas | 5 Personal Information Administrative Procedures, 11 Controls |
| | - | - | 3 Documentations | 3 Life-cycle Procedures, 28 Controls |
| | 13 Domains, 92 Countermeasures | - | 11 Domains, 136 Countermeasures | 9 Domains, 79 Countermeasures |
| Issuing Institution | KISA (Korea Internet & Security Agency) | DNV (Det Norske Veritas) | KISA (Korea Internet & Security Agency) | KISA (Korea Internet & Security Agency) |

Information Security Management Reinforcement Consulting

- Establishing Information Security Administration Strategy

- Developing Information Security Policy/Guidelines/Procedures

- Establishing Information Security Master Plan

Internal Information Leakage Prevention Consulting

- Identifying important internal information (assets such as information, system, etc.)

- Establishing countermeasures against internal information leakage (from administrative and system establishment point of view)

Private Data Security Reinforcement Consulting

- Personal Information Identification

- DB Table Usage Analysis

- Privacy Impact Assessment

- Personal Data Protection Act Compliance Analysis

- Establishment of Private Information Security Measures

Service Security Standard Establishment Consulting

- Analyze Service Security Compliance Status

- Establish Service Security Reinforcement Measures (Infrastructure, depending on services)

- Develop Service Security Standard Guide

KISA-ISMS Certification Consulting

Assist in successful certification by developing a documentation system and administrative processes according to KISA ISMS standards, and help organization members internalize those processes through education and consultation.

Main Services

- Analyze information assets (information, system)

- Analyze gaps from the certification standards

- Analyze information system vulnerability

- Risk analysis

- Establish countermeasures (generate countermeasure statement)

- Establish information security policy/guidelines/procedures

- Prepare documents for certification

Applicable Clients

- Companies that are subject to security analysis and are obligated to obtain ISMS certification (required since February 18th, 2013)

- Clients who wish to create and manage a system for safeguarding important company information

Obligated Clients

- All information security network service companies in Seoul Special City and other metropolitan cities

- Direct information telecommunication infrastructure firms (except VIDC)

- Companies with gross profit of 10 million dollars (100 million KRW) in the previous year

- Companies with an average of more than 1 million users per day for the 3 months before the end of last year

Legal Basis

- Information Network Law Article 47 (Information Security System Certification)

- Duty evasion fine: less than 10 million KRW (Info-communication Law Article 76)

Domestic Certification Status

- Manufacturing companies

- Financial businesses

- e-Business enterprises

- Software developers

- Security consulting companies, etc.

ISO27001 Certification Consulting

Assist in successfully obtaining certification by developing management policies and processes for effective implementation of information security policy, organization, and processes according to ISO27001 standards, and help organization members internalize those processes through education and consultation.

Main Services

- Information Assets (information, system) Analysis

- Analyze comparative gaps to certification standards

- Information System Vulnerability Analysis

- Risk Assessment

- Fill out Adaptability Report

- Establish information protection policies/guidelines/procedures

- Prepare documents for certification request process

Applicable Clients

- Companies involved in global business that seek to improve their company image and to place emphasis on marketing and sales aspects

- Clients that wish to develop and manage a system for protecting important company information

Domestic Certification Status

- Manufacturing companies, financial businesses, IT service firms, security consulting firms, etc. that are involved in global business

PIMS Certification Consulting

Support clients in obtaining certification by establishing a personal data security system, policy, and process, and encourage effective maintenance through education and consultation, in order to comply with personal data security laws, strengthen personal data security activities, and encourage secure personal data management by users.

Main Services

- Personal data (information, system) research

- Analysis on comparative gaps from certification standards

- Write a private information flow chart

- Personal data effect assessment (risk assessment)

- Establish safeguards (fill out countermeasure statement)

- Private data protection policies/guidelines/procedures

- Prepare other certification request documents

Applicable Clients

- Clients that process large quantities of personal data via the internet and are involved in a business based on personal data, and who want to safely manage private data

Legal Basis

- Information Network System Law Article 47 Section 3 (Certification of Personal Data Protection and Management System)