The interdependence of industry and information has enabled anyone to obtain information easily all over the world. In many countries, the cyberspace has become a place for political, economic, social, cultural, and other activities. Failure to make cyberspace a safe place will make it impossible to establish a stable information society. This is especially true for the subject of information security. Information security is not limited to national security; rather, it extends to corporate and public sectors. As such, there is an urgent demand for new regulations and systems not just for national security but also for the protection of personal information. In this article, which aims to develop key recovery agent protection profile, we propose additional classes by analyzing existing key recovery agent protection profile as well as SCT evaluation method proposed by ISO/IEC 15443. In the case of the proposed method, the protection profile can cover certain security vulnerabilities not considered in the existing key recovery agent protection profile. We also propose an alternative evaluation methodology for the development of non-security, function-added key recovery agent protection profile.