Optimal ITSM for Ensuring Software Safety in Public Institutions
  • Author: Administrator
  • Date: 2021.02.15

Recently, the Ministry of Science and ICT consolidated past laws and guidelines related to the software industry and enacted several new guidelines, as shown in the figure below.


[Figure 1] Ministry of Science and ICT SW Industry Information System “Status of Software Promotion Act Amendments”

 


One notable point is the enactment of the “Guidelines for Ensuring Software Safety.”


The guidelines define the following:


Guidelines for Ensuring Software Safety [Effective Dec. 17, 2020] [Ministry of Science and ICT Notice No. 2020-77, Enacted Dec. 17, 2020]


Article 2 (Definitions) 

The terms used in these guidelines are defined as follows:

1. “Software subject to safety management” refers to software that may pose risks to life, body, or property due to malfunction or lack of safety functions, and is designated as subject to safety management by the public institution developing or operating the software.


2. “Public institution” refers to the following:

a. Central administrative agencies and their affiliated organizations

b. Local governments

c. Public institutions under Article 4 of the Act on the Management of Public Institutions

d. Local public enterprises under the Local Public Enterprises Act

3. “Development” refers to activities related to analyzing software hazards, establishing safety requirements, and designing, implementing, and testing software to meet user requirements.

4. “Operation” refers to activities related to installing, operating, improving, and decommissioning software.


As highlighted, this applies to all stages of software development and operation by public institutions (including local public enterprises).


Chapter 3: Ensuring Safety During Software Operation


Article 10 (Software Operation Management Plan)


① Public institutions shall periodically establish an operation management plan for software subject to safety management, including the following:

1. Roles and responsibilities of the operating organization

2. Software safety inspections

3. Standards and procedures for software change management and incident management

4. Training for operating personnel

5. Other matters necessary for safe software operation


② Public institutions shall periodically verify compliance with the operation management plan under Paragraph ①.


Article 13 (Software Change Management)


① When changing software subject to safety management or its operating environment, public institutions shall review the impact of the changes on safety.


② The scope of changes to the software operating environment includes:

1. OS changes and patches

2. Hardware changes and additions

3. Changes to linked systems

4. Changes to software settings and data affecting operations

5. Changes to operating organization, personnel, or operating methods

6. Other changes affecting operation management


③ Based on the analysis results under Paragraph ①, public institutions shall perform activities under Articles 6 to 9 as necessary.


The guidelines are not limited to software itself; they also cover establishing and operating processes for hardware failures and changes.


The activities above, along with Article 14 (Incident Management) and Article 15 (Information Sharing), correspond to key areas of ITIL (Information Technology Infrastructure Library) Service Support, the de facto standard for IT service management.


As the importance of IT within organizations grows, these developments reaffirm the significance of IT service management, including service support and service delivery.


The Ministry of Science and ICT has moved beyond previous guidelines such as the Ministry of the Interior and Safety’s “Information System Failure Prevention Guide” and now enforces compliance measures. In the second half of last year, it allocated a budget of 3 billion KRW for “software safety diagnostics” across 150 systems, including those in the private sector, to monitor and prevent major software safety incidents from impacting organizational safety and, ultimately, public safety.


E-GENE™ ITSM Solution, developed by STEG Inc., Korea’s leading ITSM specialist, has been providing traditional on-premise solutions and SaaS-based subscription services for public, financial, and private sectors since 2008.

Through its ITIL-based solution, it meets the requirements of the newly enacted “Guidelines for Ensuring Software Safety” and supports a more stable IT operation framework.


Park Geon, Manager, Solution Business Division, STEG Inc. / M.Eng.