We Endeavor to Embrace Incremental Changes

ESG

pageIntroBanner

NHN is dedicated to creating meaningful change in society through inclusion and responsibility, shared growth.

Information Protection

Information Protection Policy

NHN has implemented an information protection policy framework tailored to each employee's role. We conduct assessments on a regular basis, at least once a year, to ensure compliance with the policy, evaluate its effectiveness and make necessary improvements. This comprehensive framework comprises a top-level policy statement, supplemented by guidelines for different roles and responsibilities. Additionally, detailed guidelines are also prepared to provide precise instructions for implementing the higher-level guidelines, offering stringent security measures to prevent any information leakage.

Information Protection Policy Statement

Information Security Governance

NHN has appointed a Chief Information Security Officer (CISO) and a Chief Privacy Officer (CPO) as executives of its dedicated information security organization, granting them clear authority and responsibility over data security and privacy protection. Additionally, NHN operates an Information Security Committee comprised of key executives, including the CISO and CPO, to discuss and make decisions on major changes in information security governance. In order to strengthen information security and data protection, NHN maintains a dedicated information security organization while separating IT security and information protection policy entities for enhanced expertise and specialization.

Information Security Certification

NHN has obtained certifications for information security system and service stability from domestic and foreign reputable certification organizations. We spare no effort to check, manage, and operate internal systems, such as receiving verification on the personal information and information security systems from specialized national agencies.

ISMS-P

The highest level of authoritative domestic certification system of informationsecurity and personal information security in South Korea
ISMS-P(Information Security and Personal Information Security Management System) is a certification system that awards a company who achieves a certain degree ofperformance in the systematic and persistent activities in terms of information securityand personal information security. NHN has been annually audited for its system ofinformation security and personal information security subject to the certification of ISMS(Information Security Management System) and PIMS (Personal Information SecurityManagement System), which were obtained in September 2013, and the recentlyintegrated certification of ISMS-P as of November 2019.
isms-p
Certified Service
ISMS-P
NHN : Operation of external online services (game, content, IoT, e-commerce)
NHN Cloud : NHN Cloud services
NHN Dooray! : Collaboration service, groupware, ERP(Enterprise resource planning), digital tax invoice services
NHN PAYCO : PAYCO Life, Financial services
ISMS
NHN Cloud : NHN Cloud Center (IDC)
NHN PAYCO : Franchise and Partnership / Outsourcing Services
Valid Period
NHN :2023.12.06 ~ 2026.12.05
NHN Cloud :(ISMS-P) 2023.12.06 ~ 2026.12.05 (ISMS) 2022.11.16 ~ 2025.11.15
NHN Dooray! :2023.12.06 ~ 2026.12.05
NHN PAYCO :(ISMS-P) 2024.01.18 ~ 2027.01.17 (ISMS) 2024.01.18 ~ 2027.01.17

ISO/IEC 27001, 27701, 29100

International Standard for Information Security and Privacy Management System and Privacy Framework
NHN has acquired international standard certificate ISO/IEC 27001, which is for information security management system published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), and international standard certificate ISO/IEC 27701 for the global privacy information management system. It meets global privacy requirements such as the EU GDPR. NHN has also acquired ISO/IEC 29100 which is international standard certificate required for establishing and operating global privacy framework.
iso_27001_2
Certified Service
NHN : The provision of entertainment, e-commerce, contentservice and IoT(Internet of Things) services.
NHN Cloud : The provision of NHN cloud services for public,finance, governmental and medical business services.
NHN Dooray! : The provision of collaboration service, groupware, ERP(Enterprise resource planning), digital tax invoice services.
Valid Period
2024.06.17 ~ 2027.06.16

ISO/IEC 27017, 27018, 27799

International Standard for Cloud Service Information Security and Privacy, Health Information Security
NHN has acquired international standard certificate ISO/IEC 27017 and ISO/IEC 27018, which is for information security and privacy security, specialized for cloud services, and ISO/IEC 27799, which is international standard certificate for health information security of cloud services.
iso_27017
Certified Service
NHN Cloud : The provision of NHN cloud services for public,finance, governmental and medical business services.
NHN Dooray! : The provision of collaboration service, groupware, ERP(Enterprise resource planning),digital tax invoice services.
Valid Period
2024.06.17 ~ 2027.06.16

ISO/IEC 22301

International Standard for Business continuity management system
ISO/IEC 22301 is international standard certificate for Business continuity managementsystem. NHN Cloud has acquired ISO/IEC 22301, and audited for its business continuitymanagement for IaaS Services of NHN Cloud, which were obtained in July 2022.
bsi_29100
Certified Service
NHN Cloud : The provision of NHN cloud services for public, finance, governmental and medical business services.
Valid Period
2022.07.14 ~ 2025.07.13

CSAP(Cloud Security Assurance Program) Certification [IaaS, SaaS]

Information security management system evaluation and certification forproviding safe cloud services to governmental
The Cloud Security Assurance Program is a program that reviews whether a service provided by a cloud service provider complies with the information security standards under Article 23 Paragraph 2 of the Cloud Computing Development and User ProtectionAct of Korea and grants certifications to companies that satisfy certain minimum standards. NHN Cloud Corporation acquired the certification for IaaS in December 2017, SaaS in December 2019, DaaS in September 2023 and has its cloud service security systems regularly certified through strict verification procedures every year.
csap
IaaS Certification No.
CSAP-2017-003
IaaS Certification Scope
NHN Cloud (for public institutions) (IaaS)
IaaS Valid Period
2022.12.13 ~ 2027.12.12
SaaS Certification No.
CSAP-2019-010
SaaS Certification Scope
Dooray! (Public email, collaboration tools, messenger, electronic approval, video conferencing, AI) (SaaS Standard Grade)
SaaS Valid Period
2024.12.18 ~ 2029.12.17
DaaS Certification No.
CSAP-2023-028
DaaS Certification Scope
NHN Cloud Virtual Desktop Service (DaaS)
DaaS Valid Period
2023.09.19 ~ 2028.09.18

CSA STAR

International Cloud Service Information Security Certification by CSA(Cloud Security Aliance)
CSA STAR certification is an international cloud service information security certificationhosted by the US Cloud Security Alliance (CSA). It assesses the effectiveness andmaturity of security controls through the Cloud Control Matrix and grants a certificationcalled STAR (Security, Trust & Assurance, Registry). NHN Cloud has obtained the CSAStar Certification for IaaS, PaaS, and SaaS of NHN Cloud service and is certified formaintaining the maturity of Gold Level.
csa-star
Certified Service
NHN Cloud : The provision of NHN cloud services for public, finance, governmental and medical business services.
NHN Dooray! : The provision of collaboration service, groupware, ERP(Enterprise resource planning).
Valid Period
2022.07.12 ~ 2025.07.11