Security Guidelines

Security Criteria to
Verify Before Choosing an LMS

Verify these 8 points before entrusting personal data to an education platform.

ISMS-P
KISA Certified
Korea's highest-level integrated security certification
ISO 27001
International Standard
Global security management framework
99.1 Points
Vendor Security Audit Result
Major insurers, banks, and financial clients
Talk to sales View Security Overview

Security Checklist

  • Does the vendor hold ISMS-P or equivalent security certification? ISMS-P is Korea's highest-level integrated certification operated by KISA, requiring 102 criteria across 3 domains with annual surveillance audits. Required by financial and public institutions for vendor selection.

    TouchClass holds both ISMS-P & ISO 27001

  • Is encrypted storage and transmission of personal data guaranteed? Is RBAC in place? AES-256 for data at rest and TLS 1.2+ for data in transit must be applied. Without role separation for admins, operators, and learners, enterprise data may be indiscriminately exposed.

  • What is the operational reliability level? Is there a CERT incident response system? Is a DR system in place? If the platform goes down during mandatory training deadlines, legal liability issues arise. Verify operational reliability and incident response provisions in the contract beforehand.

  • Has the vendor passed vendor security audits? Does it hold CSP (Cloud Service Provider) security certifications like AWS? Financial and enterprise clients often have stricter internal standards, and passing their audits serves as external validation of security capabilities.

    Major insurer & bank vendor audit: 99.1 points
Security Certification Comparison
ISMS-P
Certified
KISA Certified
Annual surveillance audit passed
🌐
ISO 27001
Certified
International Standard
Information Security Management
⚠️
Uncertified LMS A
Not Certified
Per official website
No security certification found
⚠️
Uncertified LMS B
Not Certified
Per official website
No security certification found

For financial and public sector vendor selection,
verify ISMS-P certification status first.

Data Protection — Encryption & Access Control
Encryption Coverage
Data at Rest AES-256
Data in Transit TLS 1.2+
Passwords bcrypt Hash
Role-Based Access Control (RBAC)
👑
Super Admin
Full settings · User management · Complete report access
🏢
Operations Admin
Course management · Learner status for assigned courses
👤
Learner
Own learning history · Assigned courses only
Operational Reliability — Metrics & DR Status
5yr+
Uninterrupted
Operational Reliability
Based on 2025 record
Multi-AZ redundancy · 24/7 monitoring
Highest Grade
🔁 Disaster Recovery (DR) System AWS Multi-AZ
⏱️ Recovery Time Objective (RTO) Within 4 hours
💾 Recovery Point Objective (RPO) Within 1 hour
🚨 Incident Response (CERT) 24/7 Monitoring
Lead: IT Infrastructure Team S. Park · Last DR drill: 2026.01.15
Vendor Security Audit Results
99.1
Overall: 99.1 Points
Highest Grade Achieved
Auditing body: Major insurer · 2025
Consecutive Incident-Free Operation 5+ Years
Financial Sector Vendor Audit Passed Major insurance group / Major bank / Commercial bank
AWS Cloud Security Certification Seoul Region Operation
Privacy Policy Published · Regularly updated

Domestic LMS Security Comparison

Based on official websites and KISA certification registry. Unverified items indicate no publicly available information.

Solution ISMS-P ISO 27001 Cloud Financial References
TouchClass Certified Certified AWS (Seoul Region) Major insurance group, major bank, commercial bank
Competitor A Not Certified Unverified
Competitor B Not Certified Unverified
Competitor C Unverified Unverified AWS
Competitor D Unverified Unverified
Competitor E Unverified Unverified

* As of April 2026, based on each solution's official website and KISA certification registry. 'Unverified' means not found in public information and is distinct from 'Not Certified'.

Security Standards — Have questions?
We provide tailored security consulting.

Talk to sales