The Ministry of Science and ICT and the Ministry of the Interior and Safety announced they intend to implement a newly established improvement plan for the Cloud Security Assurance Program (“CSAP”) to promote the use of cloud services by administrative and public agencies and enhance the security level of cloud services from July 24, 2019.

The CSAP, which has been in effect since July 2016, aims to facilitate the use of cloud services by enabling the use of third party cloud services that have obtained security assurance from administrative and public agencies.  However, small- and medium-sized enterprises have raised concern with the considerable amount of time and cost associated with obtaining the security assurance. 

Accordingly, the improvement plan for the CSAP aims to reduce the burden of the security assurance process for cloud service providers by:

(i)    Extending the effective period of security assurance from three years to five years;

(ii)    Newly establishing a simplified certification system (Gan-pyeun-deung-geup in Korean) that requires evaluation of only 30 items (applicable to services excluding electronic approvals, HR, accounting management, security services and services subject to assessment of personal information risk factors), which is more accessible than the previous standard certification system (Pyo-joon-deung-geup in Korean) that requires evaluation of 78 certification items;

(iii)    Removing the preliminary preparation requirements (i.e., pass a certain score threshold from an internal vulnerability assessment) that businesses were required to satisfy prior to applying for the security assurance; and 

(iv)    Adjusting or abolishing review items that overlap with those of other certification systems such as the Information Security Management System (ISMS).

With these improvements in the administrative procedures, it is expected that the timeframe required for obtaining security assurance would be reduced from the current five months to 3.5 months.

A guideline containing detailed explanation on the application procedures, items, and evaluation method regarding the CSAP will be prepared after September 2019.