GOPAX, a popular South Korean crypto exchange, became the very first blockchain company in the country to get a K-ISMS certification, which is Korea’s official standard set for management systems in information security. This practically means that the government sees the cybersecurity of GOPAX as being completely approved.
K-ISMS is an official certification standard that regards the management, establishment and the operation of the information security system in place for some selected industries. This includes portal services, internet service providers and server hosts. The certification is important in blockchain because it means the company can manage and operate large volumes of information security system while staying at a level that is equal to highly established businesses and corporations operating in the financial and technology sectors.
Myeonghun Baek, GOPAX CISO (chief information security officer), declared:
K-ISMS certification is mandatory for companies above a certain level in terms of either sales or user numbers that utilize information communication networks. GOPAX is currently not at that level, and thus didn’t need to obtain certification, but we voluntarily underwent the K-ISMS audit to become certified. As there is no official operating standard for blockchain companies currently in place, GOPAX receiving K-ISMS certification is a sign that it is willing to be ahead of legislation and set an operating standard for other blockchain companies.
K-ISMS certification is obtained through KISA (Korea Internet And Security Agency). This agency operates a special team of trained auditors that examine companies that are applying, together with a special committee that is evaluating the results of the audit.
In the audit the companies go through 2 important areas: information security measures and information security management processes. Some of the areas that are covered include organizational structure, management responsibilities, post-incident management and risk management. KISA also analyzes information security policy, external security, information security training and more.
GOPAX is renowned for taking active steps to be compliant in front of the government. It was in July that the company received its ISO/IEC 27001 certification, becoming the very first crypto exchange in the entire world to take such a step. This global information security management standard was published by IEC and ISO. It practically means that GOPAX is currently meeting worldwide standards and can operate across borders with a guarantee that information security management is competent.
K-ISMS is basically really important for operations inside Korean jurisdiction. It also helps with eventual scaling. In the event that GOPAX scales it would need this certification and getting it ahead of time is a sign of preparing for the future.
In Korea, crypto exchanges are seen as being “information and communications service providers”. In Japan, as an example, cryptocurrency exchanges are seen like financial institutions.