Korea Deloitte Touche Tohmatsu Limited (DTTL) Group said on the 2nd that, together with NICE Consulting, it is providing a service that supports classification and verification for information security disclosures using a retrieval-augmented generation (RAG)-based Generative AI information security disclosure platform.
The aim is to help reduce the burden of compiling vast supporting evidence and the risk of data inconsistencies that arise during corporations' preparation for information security disclosures, while boosting disclosure reliability.
The service focuses on automatically analyzing the criteria for each disclosure item and identifying potential omissions and inconsistencies in advance, so that classification and citation of grounds—considered central to corporations' disclosure workflows—can be carried out more consistently and efficiently.
The information security disclosure system operated by the Korea Internet & Security Agency (KISA) requires corporations to disclose their information security investments, personnel, and activities to the public. Amid the recent trend of making information security disclosure registration mandatory and strengthening post-verification, information security disclosures are expected to be used as a key tool to enhance corporations' credibility and demonstrate ESG management value.
In particular, the scope of entities required to make information security disclosures is expected to expand to all listed companies in 2027. Corporations are facing a growing burden to present the consistency and grounds of evidence for each disclosure item under stricter standards.
Korea Deloitte Touche Tohmatsu Limited (DTTL) Group noted that the traditional output process centered on manual work not only undermines the reliability of disclosure materials but can also increase legal and social liabilities if entry errors occur, underscoring the growing need for preemptive action.
The core of the new service is based on a RAG architecture. Before a Generative AI produces an answer, RAG first conducts retrieval of trustworthy internal and external documents and then generates the answer based on those results. Beyond KISA guidelines, the goal is to build a knowledge base from accumulated disclosure experience to improve consistency in interpreting criteria for each disclosure item and maximize efficiency in report drafting.
Korea Deloitte Touche Tohmatsu Limited (DTTL) Group is applying the agentic AI expertise it has accumulated in its recently launched Generative AI–based internal control over financial reporting (ICFR) operating assessment solution to the information security disclosure support service, providing an AI analytics engine that can be safely handled in an enterprise-dedicated AI environment using an application programming interface (API).
It also combines NICE Consulting's experience-based RAG to implement a platform service that automatically analyzes criteria for each disclosure item and identifies potential omissions and inconsistencies in advance.
Jung Kwan-hun, a partner in the audit practice at Korea Deloitte Touche Tohmatsu Limited (DTTL) Group, said, "In the end, the key is the fusion of technology and experience," adding, "To the question of why a particular activity falls within the realm of information security and what the basis for that judgment is, a RAG-based Generative AI will serve as an agent that presents consistent grounds, setting a new standard for information security disclosure practice."