SMC becomes first ISO 27701-certified Korean medical institution


Samsung Medical Center (SMC) has become the first institution in Korea's medical information system field to acquire ISO 27701 certification for treatment, medical support, and research. Established by the International Organization for Standardization (ISO), ISO 27701 is an international standard certification for personal information protection that details requirements and guidelines for organizations to protect personal information. The certification was issued by the British Standards Institution (BSI) and is granted only to institutions that have already acquired ISO 27001, the international standard information protection certification.


In addition, SMC has made continuous efforts to strengthen its security as a medical institution, obtaining the information security management system (ISMS) certification in 2016 and the information protection and personal information protection management system (ISMS-P) certification in 2019 from the Ministry of Science and ICT.


With the ISO 27701 certification, SMC now holds standard certifications for both local and international ISMS-Ps. In particular, experts believe that, by establishing an international standard personal information protection system, SMC can respond to the trend of stricter compliance with standards in other countries, such as the General Data Protection Regulation (GDPR) in Europe and CPS 234 in Australia.


Jonghwan Park, Chief Information Security Officer (CISO) at SMC, said that SMC is the first medical institution to secure both international security certifications, ISO 27001 and ISO 27701. As such, the company will do its best to safely manage patients’ sensitive medical information and play an essential role in strengthening the security of medical institutions.