Data Protection Certification

NAVER has acquired, and continues to maintain, various certifications that ensure its privacy protection
measures up to standards of security and legality, including standards specific to particular industries.

Data Protection Certification image
  • Data Protection
    Certification

    NAVER has acquired, and continues to maintain, various certifications that ensure its privacy protection measures up to standards of security and legality, including standards specific to certain industries.

    Go
    • SOC 2, 3
      NAVER was SOC 2 and SOC 3 certified in accordance with the International Standard on Assurance Engagements of the International Auditing and Assurance Standards Board (IAASB) and the Trust Services Principles section 100 established by the American Institute of Certified Public Accountants (AICPA) for its services related to the handling of users’ personal information and privacy.
    • Information Security Management System (ISMS)
      NAVER acquired the ISMS certification in recognition that various information protection activities, which are being continuously carried out in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection, meet the certification standards.
      • Scope of certification: 
        Naver Data Center ('GAK') Operation
      • Valid from October 5, 2022 to October 4, 2025
    • Personal Information & Information Security Management System (ISMS-P)
      NAVER obtained the certification by complying with the certification criteria in order to ensure the safety of information and communication network and to protect personal information.
      • Scope of certification: 
        Naver Service Operation (including Customer Center, Business, Naver Sign, Naver E-Documents) and User(B2C, B2B)'s Personal Information Management
      • Valid from October 5, 2022 to October 4, 2025
    • APEC CBPR Certification
      In December 2022, NAVER acquired CBPR (APEC Cross Border Privacy Rules) certification for the first time in Korea, a global personal information protection certification system based on APEC privacy protection principles.
      • Scope of certification: 
        Personal information protection policies and their overall management system related to 75 NAVER services, including NAVER portal service, NAVER business service, services that made inroads into Japan (MySmartStore, Article), BAND service, etc.
      • Valid from December 21, 2022 to December 20, 2023
    • ISO/IEC 27001, 27017, 27018
      In 2007 NAVER became the first corporation in the world to receive ISO/IEC 27001 certification from the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) specifically for the specialized category of user data protection. In addition, NAVER has also acquired and continues to maintain ISO 27017 and 27018 certification for the data security and user data security of its cloud services.
    • PCI DSS
      NAVER Pay is PCI DSS (Payment Card Industry Data Security Standard) compliant, meaning that in adherence with the above information security standard, it is able to protect the payment and transaction data of its users.