Businesses dealing with virtual assets must be certified as Information Security Management System (ISMS). It is a demonstration by an enterprise or agency that the level of information protection operations and management meets certain criteria.
As it is a state-guaranteed system, it naturally has to go through a difficult screening process. ISMS certification requires passage of 80 assessment articles, and for ISMS-P there are 102 items.
If businesses fail to obtain it, they will be fined up to 30 million won. However, the bigger blow is that they won’t gain trust in information protection from customers. In other words, it is difficult to operate a company without it.
Post-management is more difficult than obtaining certification.
Many virtual asset companies find ISMS certification difficult. In order to meet the standards, a management system should be established and reviewed, and defects should be supplemented through an examination process that takes months at most. This process will cost a considerable amount of time and money.
Acquiring it is not the end of everything. Afterwards, post-management is as difficult as obtaining the certification. Companies that have received certificates must undergo post-examination every year and re-certification examination after three years, the expiration date of the certificate. The certification will be automatically cancelled if they fail to pass the re-certification. Therefore, post-management and re-certification are a significant burden for companies.
From ISMS certification to post-management, consulting firms are emerging.
As it is complicated and expensive to obtain certification, follow-up management, and re-certification, service
GADIAN Security stands out as a representative company, and they are an ISMS consulting firm led by Kwon Sung-ho. He is an author of "Mastering ISMS-P" and an adjunct professor of Sungshin Women's University's Convergence Security Department, Internal auditor of Daum Communications and Information security senior manager of CJ CGV.
Gadian supports companies to acquire, maintain, and renew ISMS certification on their own through 'Gadian Solution'.
ISMS-certified consulting firm Gadian Security
Gadian strengthens the internalization of the company and enables self-consulting through training and practice in each stage of consulting. Through the solution and "Real-time Professional Counseling Service," companies can easily prepare for the post and renewal of ISMS.
If a company can do ISMS-related work on its own, it can respond to changes quickly, reduce costs, and establish and maintain an information protection management system according to the company's environment.
Gadian has established itself by conducting ISMS consulting with Kookmin University, Myongji University, Shinsegae Duty Free Shop, and Seoul City Hall.
Recently, contracts with virtual asset service companies related to the Act on the Reporting and Use of Specific Financial Transaction Information are increasing.
Blockchain company "RMT" and virtual currency exchange "Amis Innovation" have completed a consulting contract with Gadian Security on IMS certification.
In addition, 'Coco Entertainment Korea', which is preparing for virtual asset exchange, also requested consulting for ISMS's first certification in 2021. Through this, they are preparing to establish a high-quality information protection management system as well as ISMS certification so that customers can receive virtual asset-related services with more confidence.