• {{ market.title }}
    {{ market.ticker.yesterday_vs_sign }}{{ number_format(market.ticker.yesterday_vs_rate, 2) }}%

Ahead of the enforcement of the "Act on the Reporting and Use of Specific Financial Transaction Information (Special Act)," companies dealing with virtual currency must obtain Information Security Management System (ISMS) certification.

ISMS certification is a system in which companies or institutions certify that information protection operations and management levels meet certain standards.

In the case of cryptocurrency exchanges, real-name account certification is required from banks under the Special Act, and the criteria for this is ISMS certification. This means that if you do not get the certification, you will not even be eligible for real-name account screening, and if you do not get the account, the exchange should be closed.


What is ISMS and ISMS-P?


ISMS is a certification of the information protection framework of enterprises and institutions. Information communication services and all information systems, personnel and physical locations for the provision of services must be included.

This means that if ISMS is obtained, important information assets such as corporate information, industrial confidentiality, and personal information held by companies and organizations will be certified by the state in a safe and reliable manner.


ISMS-P is virtually the most extensive information protection authentication system. ISMS-P is a concept that certifies both corporate and institutional information protection systems and privacy areas. Information system services, including ISMS's certification scope and all services corresponding to the personal information flow under the Life Cycle (collection, retention, use, provision, termination) are analyzed in detail. In other words, ISMS-P certifies that it protects privacy more closely in almost all domains.



ISMS certification is quite a complicated procedure. In particular, ISMS-P is more difficult.


ISMS must pass a total of 80 evaluation items, and ISMS-P must pass 102 items.



ISMS, ISMS-P Certification Evaluation Topics


Authentication Procedure


The ISMS certification process begins with establishing an annual plan for information protection. In this process, a management system based on certification standards will be established and operated.


Once the application is received, a preliminary inspection will be conducted on the scope of certification and the preparation status of the applicant company. If the inspection is passed, the screening schedule will be confirmed and the fee will be paid to the full-fledged screening stage. For reference, a 30% discount will be given to "small and medium-sized enterprises" or "information protection disclosures", and a 20% discount will be given to "some parts of the review (ISO/IEC 27001 and "Vulnerability checks of major information and communication infrastructure").



The certification examination consists of written and on-site examination, which examines whether the management system is well established and whether the established system is properly implemented. It is also requested to supplement and take action against defects in this process.

After the on-site confirmation of whether supplementary measures for defects found during the examination have been implemented, a report on the results of the examination will be prepared, and a certificate will be issued if there is no problem.

A post-examination is conducted every year after the certificate is issued. The validity period of the certificate is three years and must be re-certified through a renewal review at the end. Of course, if they fail to pass the renewal screening process, the certification will be automatically revoked.


Meaning of obtaining ISMS certification


There are many benefits to obtaining ISMS certification. There are various institutional benefits such as a perfect score (5 points) for the information protection certification company in the "Work Performance Assessment Sheet", a replacement for some ESG evaluations for listed companies, and additional points for selecting contractors in purchasing, manufacturing, service and construction.

However most of all, the most significant is the fact that the state guarantees that it has the ability to safely manage information protection.

In particular, continuous and systematic risk management for information protection is paramount as recent industrial flows have developed in a direction closely related to the network.

There are many companies that are already certified for systematic risk management in various fields as well as in the virtual currency industry. Not only NC Soft, a leading game industry leader, but also Dabang, an Internet real estate company, completed its ISMS-P certification in May. Large cryptocurrency exchanges such as Bithumb, Upbit, and Korbit have already got ISMS certification.

In addition, more and more companies are stepping up preparations for certification. Coco Entertainment Korea is stepping up efforts to establish a system to prepare for ISMS certification, and is also preparing for certification by the International Standardization Organization such as ISO 27001 to protect customers' information.


This means that an entity that has obtained ISMS certification is capable of managing the highest level of information protection risk. It is even more meaningful because it is a certificate that customers can entrust their assets with confidence, even if it is not because of the special law.



ISMS certification means that the state guarantees that it is an enterprise capable of managing information protection risk



In addition, it is also positive that virtual currencies will be protected by institutional rights. As ISMS certification authority is a national institution, legal compliance with personal information protection can be secured. Financial Services Commission Chairman Eun Sung-soo's recent remarks that "a safe cryptocurrency exchange that has been reported can naturally protect investment funds" are based on ISMS certification and others.

ISMS certification has thus become a necessity for businesses. Among companies that are not designated as mandatory for certification, many apply for it. Just as we trusted KS mark products as quality products, ISMS certification became an indicator of the stability of information protection.


NO Subject 썸네일 Date Created
652 미 2023년 2차례 조기 금리 인상 전망에 비트코인 가격 하락 2021.06.17
651 What is a must-have VASP report for a virtual asset business? 2021.06.17
650 세상의 모든 디지털 한정판 담는다… ‘클립 드롭스’ 7월 출시 2021.06.16
649 마크 큐반 "디파이 미국 차세대 동력 될 것, 10~20년 내 디파이에서 글로벌 혁신 기업 탄생 한다" 2021.06.16
648 골드만삭스, 비트코인에 이어 이더리움 투자 상품 출시 계획 2021.06.15
647 크라켄 "잠재적 리스크 우려로 2022년 예정되었던 IPO 재검토 할 것" 2021.06.11
646 한국은행 총재 "올해 하반기 CBDC 모의실험 착수 할 것" 2021.06.11
645 엘살바도르 세계 최초로 비트코인 법정화폐 채택 2021.06.10
644 클레이튼, NFT 생태계 웨비나 16일 개최 2021.06.10
643 미국 국세청, 의회에 가상자산 송금 정보 수집 권한 요청 2021.06.09
642 블룸버그 수석 전략가 "비트코인, 이더리움 상승 패턴 따르면 10만 달러 가능" 2021.06.09
641 Consulting firms are emerging because of the tough ISMS certification 2021.06.08
640 마이크로스트레티지, 비트코인 추가 구매위해 4억달러 담보채권 발행 예정 2021.06.08
» What is ISMS certification essential to the virtual currency business? 2021.06.07
638 김병욱 의원 "가상자산업권법 이르면 올 가을에 통과 될 것" 2021.06.03
637 비탈릭 부테린, "이더리움2.0 확장성 내년 연말에 구현될 것" 2021.06.03
636 인도 중앙은행 "암호화폐 거래 금지하지 않는다" 2021.06.02
635 비탈릭 부테린 "PoS 방식 암호화폐 에너지 소비량 1만배 이상 줄일 수 있어" 2021.05.31
634 이재명 지사 "암호화폐 제도권 내로 포섭해야 하지만 과세는 1년 연기 해야" 2021.05.31
633 시프트업, 신작 ‘그.공.사’에 NFT를 적용한 디지털 한정판 발행 2021.05.31