[Consultation] Providing consultation on whether you are a mandatory ISMS target
Article posted in | VEAT
D Company inquired with Law firm Veat regarding whether they are obligated under the “Act on the Promotion of Information and Communication Network Utilization and Information Protection, etc.” as an ‘information communication service provider,’ and whether they are subject to the information protection management system (hereinafter referred to as ‘ISMS’) pursuant to Article 27 of the same Act.
According to Article 27, paragraph 2 of the revised Act on Information and Communication Network, 1. A person who has received a permit pursuant to Article 2, paragraph 1 of the “Act on Telecommunications Business” and provides information communication network services in accordance with the details specified by Presidential Decree, 2. An integrated information communication facility business operator, 3. A person who meets the criteria specified by Presidential Decree, with annual sales or income of 150 billion won or more, or with information communication service sales of 100 billion won or more in the previous year, or with an average daily number of users of 1 million or more for 3 months, is obligated to obtain certification; there were ambiguities in the interpretation of the requirements of item 1, and it was necessary to clearly confirm them.
Law firm Veat promptly sent a request for materials to D Company regarding the requirements of the aforementioned provision, collected and analyzed related materials, and, along with a review of the revision history of Article 27, provided advice to the effect that D Company is not an obligated party under current law.
Thank you.
Law firm Veat