Enterprise-Grade
Security Architecture
AWS infrastructure, encryption, access control, and compliance. Layered design based on dual ISMS-P + ISO 27001 certification.
Infrastructure Security
Hosted on AWS Seoul Region with multi-layered defense from network to server.
AWS Seoul Region
Domestic Data Sovereignty
All data stored and processed within Korea with no overseas transfers.
VPC Network Isolation
External Access Blocked
Logical network separation per client. Subnets, security groups, and NACLs completely block external access.
WAF + Shield
Automated DDoS Protection
AWS WAF blocks OWASP-based web attacks while AWS Shield provides automated DDoS mitigation.
Direct Connect
Dedicated Line
Financial clients connect via Direct Connect dedicated lines, bypassing the public internet.
Data Security
Protecting data throughout its entire lifecycle — from storage to transit to disposal.
AES-256 Encryption
Data-at-Rest Protection
Database, file storage, and backups are all encrypted with AES-256.
TLS 1.3 Transit Encryption
MITM Prevention
Client-server communication encrypted with TLS 1.3. Lower versions are disabled.
Automatic PII Masking
Full Access Logging
Sensitive data is automatically masked. Full audit logs capture who accessed what data and when.
Data Disposal
Secure Deletion Procedure
Data is securely deleted at service termination and permanently destroyed using irrecoverable methods.
Operational Security
People- and process-level access controls that guard against internal threats as well as external ones.
RBAC Role-Based
Granular Access Control
Least privilege principle applied per role: system admin, client admin, sub-admin, learner.
SSO · SAML 2.0
Two-Factor Auth (2FA)
Integrates with enterprise authentication (AD, Okta, Azure AD). Admin accounts require additional OTP two-factor authentication.
IP Whitelist
Admin Access Restriction
Admin pages accessible only from whitelisted IP ranges. Non-whitelisted IPs are automatically blocked.
Vulnerability Patching
Critical: Within 24 Hours
Critical vulnerabilities patched within 24 hours, High within 72 hours, Medium within 7 days.
Compliance
Meeting industry regulatory requirements from mandatory training to financial and public sector regulations.
5 Mandatory Trainings
Auto-Managed In-Platform
Automatically manages workplace safety, harassment prevention, disability awareness, privacy protection, and anti-bullying training.
Financial Regulations
Vendor Audits · AML
Supports electronic financial supervision vendor security audits and provides legal evidence for financial consumer protection training completion.
Public Sector Compliance
Audit Trail for Inspections
Provides security audit trails for government inspections. Safety verified through ISMS-P certification.
Personal Data Processing
Safety Verification
Objectively demonstrates personal data processing safety through ISMS-P certification.
Operational Reliability
Enterprise-level reliability and incident-response systems in operation.
Seoul Region multi-AZ architecture
Initial response and recovery
24/7 by dedicated operations team
Major insurer, consecutive years