Amazon Web Services (AWS) has successfully completed the 2023 South Korea Cloud Service Providers (CSP) Safety Assessment Program, also known as the Regulation on Supervision on Electronic Financial Transactions (RSEFT) Audit Program. In South Korea, the financial sector is subject to various cybersecurity standards and regulations, including RSEFT and the Guidelines on the Use of Cloud Computing Services in the Financial Industry (FSIGUC).
Prior to 2019, the RSEFT guidelines did not allow the use of cloud computing in the financial sector. However, on January 1, 2019, the guidelines were amended to permit financial institutions to use the public cloud for data storage and processing, as long as they comply with the security measures applicable to financial companies.
AWS is dedicated to helping its customers comply with relevant regulations and guidelines, ensuring a smooth experience for financial customers using the cloud. Since 2019, the RSEFT compliance program has aimed to provide support to South Korean financial services customers in adhering to RSEFT and FSIGUC. Financial services customers can choose to conduct an individual audit using publicly available AWS resources and on-site visits or request the South Korea Financial Security Institute (FSI) to conduct the primary audit on their behalf, utilizing the audit reports produced by the FSI.
In 2023, AWS collaborated with FSI once again to complete the annual RSEFT primary audit, involving 59 customers. The audit covered data center facilities in four Availability Zones of the AWS Asia Pacific (Seoul) Region, as well as the services available in that Region. It assessed various security domains such as security policies, personnel security, risk management, business continuity, incident management, access control, encryption, and physical security.
The completion of this audit program enables customers to use the results and audit report for their annual submission to the South Korea Financial Supervisory Service (FSS), thereby allowing them to adopt and continue using AWS cloud services and infrastructure. For more information on the RSEFT program, visit the AWS South Korea Compliance Page. For inquiries, customers can reach out to their AWS account manager.
If readers have any feedback regarding this article, they can submit their comments in the Comments section below.
Andy Hsia, the Customer Audit Lead for APJ based in Singapore, is responsible for customer audits in the Asia Pacific region. He has been with Security Assurance since 2020 and has successfully conducted key audit programs in Hong Kong, India, Indonesia, South Korea, and Taiwan.
