Security Guidelines

Security Criteria to
Verify Before Choosing an LMS

Verify these key points before entrusting personal data to an education platform.

ISMS-P
KISA Certified
Korea's highest-level integrated security certification
ISO 27001
International Standard
Global security management framework
99.1 Points
Vendor Security Audit Result
Major insurers, banks, and financial clients
Talk to sales View Security Overview

Security Checklist

  • Does the vendor hold ISMS-P or equivalent security certification? ISMS-P is Korea's highest-level integrated certification operated by KISA, requiring 101 criteria across 3 domains with annual surveillance audits. Required by financial and public institutions for vendor selection.

    TouchClass holds both ISMS-P & ISO 27001
  • Is encrypted storage and transmission of personal data supported? Is RBAC in place? AES-256 for data at rest and TLS 1.2+ for data in transit must be applied. Without role separation for admins, operators, and learners, enterprise data may be exposed too broadly.

  • What is the operational reliability level? Is there a CERT incident response system? Is a DR system in place? If the platform goes down during mandatory training deadlines, legal liability issues arise. Verify operational reliability and incident response provisions in the contract beforehand.

  • Has the vendor passed vendor security audits? Does it hold CSP (Cloud Service Provider) security certifications like AWS? Financial and enterprise clients often have stricter internal standards, and passing their audits serves as external validation of security capabilities.

    Major insurer & bank vendor audit: 99.1 points
Security Certification Comparison
ISMS-P
Certified
KISA Certified
Annual surveillance audit passed
🌐
ISO 27001
Certified
International Standard
Information Security Management

For financial and public sector vendor selection,
request the certificate itself — its scope and validity period.

Data Protection — Encryption & Access Control
Encryption Coverage
Data at Rest AES-256
Data in Transit TLS 1.2+
Passwords bcrypt Hash
Role-Based Access Control (RBAC)
👑
Super Admin
Full settings · User management · Complete report access
🏢
Operations Admin
Course management · Learner status for assigned courses
👤
Learner
Own learning history · Assigned courses only
Operational Reliability — Metrics & DR Status
5yr+
Uninterrupted
Operational Reliability
Based on 2025 record
Multi-AZ redundancy · 24/7 monitoring
Highest Grade
🔁 Disaster Recovery (DR) System AWS Multi-AZ
⏱️ Recovery Time Objective (RTO) Within 4 hours
💾 Recovery Point Objective (RPO) Within 1 hour
🚨 Incident Response (CERT) 24/7 Monitoring
Lead: IT Infrastructure Team S. Park · Last DR drill: 2026.01.15
Vendor Security Audit Results
99.1
Overall: 99.1 Points
Highest Grade Achieved
Auditing body: Major insurer · 2025
Consecutive Incident-Free Operation 5+ Years
Financial Sector Vendor Audit Passed Major insurance group / Major bank / Commercial bank
AWS Cloud Security Certification Seoul Region Operation
Privacy Policy Published · Regularly updated

How to verify an LMS vendor's security posture

These five checks can be put to any vendor on equal terms. TouchClass answers each one with a publicly verifiable source.

Check What to request from the vendor TouchClass published evidence
Security certification The certificate itself, its scope, and its validity period ISMS-P and ISO/IEC 27001:2022 certified
Data residency Region, redundancy setup, backup cadence AWS Seoul Region
Encryption Encryption method at rest and in transit AES-256 at rest, TLS in transit
Financial-sector reference Vendor security reviews passed at comparable scale, and incident history 17 financial institutions, about 135,800 cumulative users, 5 years without service interruption
AI training data Confirm in the contract whether customer data trains the vendor's models Customer knowledge assets are not used as AI model training data

* This is a vendor-neutral checklist. The certification status of other vendors has not been surveyed, so TouchClass makes no assessment, ranking, or comparative claim about them. Verify any vendor's certifications against the KISA registry and the certificate the vendor provides. (Source: touchclass.com/en/security)

Questions about security standards?
We provide tailored security consulting.

Talk to sales