Google Cloud Completes Korea Financial Security Institute Audit

Financial Services institutions (FSIs) are among the most heavily regulated enterprises, and often have explicit and detailed obligations to assess and audit activities they outsource. For FSIs, due diligence of a cloud provider’s controls is often an essential first step in adopting cloud services. At Google Cloud, we work closely with our customers, their regulators, and appointed independent auditors who want to verify the security, privacy, and compliance of our platform.

One example is how we support our FSI customers in South Korea. The IT outsourcing regulations issued by the Korean Financial Services Commission (FSC) provide specific guidance on risk assessment and monitoring of the outsourced function. In turn, the Korea Financial Security Institute (K-FSI) supports financial institutions with security analysis and assessments. Earlier this year, we worked with K-FSI auditors to complete an audit based on their requirements.The successful completion of the audit helped support a group of leading South Korean FSI customers interested in expanding their adoption of Google Cloud. These FSIs rely on cloud infrastructure and technologies to deliver innovative solutions and experiences to their customers, so a successful K-FSI audit was a critical requirement ahead of migration to Google Cloud.

Our customers joined together in a “pooled audit” to verify the infrastructure controls and measures we have to safeguard their applications and data. We leveraged the K-FSI guidelines, including the Guideline on the Use of Cloud Computing Services in the Financial Sector, that covers a variety of contractual and operational areas. These include risk management, business continuity, and protection of customer data. In total, the audit evaluated more than 30 protection measures for the financial services sector, such as logging and monitoring, network security, and encryption.

Andrew Chang, managing director of Google Cloud Korea, spoke about how critical this completed audit is for earning and retaining customer trust. “The financial industry in Korea has shown great growth using Google Cloud’s enterprise resources,” said Chang. “With this growth comes a need for us to build customer trust as they seek to understand our certifications, policies, compliance controls, and audit results that are necessary for completing risk management and due diligence efforts.”

Our pooled K-FSI audit is a great example of how customers across an industry can come together to efficiently deploy their resources and ensure their confidence in Google Cloud’s trust posture. Verifying the security controls of the Google Cloud platform through audits is one way Google Cloud maintains its commitment to being the industry’s most trusted cloud. We continue to partner with customers to meet their evolving regulatory compliance requirements. To learn more about Google Cloud Trust and Compliance, visit our Compliance Resource Center.

By: Rani Urbas (Head of Enterprise Trust, Google Cloud) and John Mulder (Director Enterprise Trust, Google Cloud)
Source: Google Cloud Blog