• Mobile Broadband
• Mobile Lifestyle
• Mobile Planet
• Industry Technical Solutions
  • PathFinder
  • Open Connectivity
  • Personal Instant Messaging
  • Evolution to IP
  • IP Interworking
  • Network Sharing
  • Fraud & Security
    • IMEI Database
    • Mobile Application Security
    • GSM Security Algorithms
    • Security Accreditation Scheme
      • Certification Body
      • SAS Auditors
      • For Smart Card Suppliers
      • Accredited Smart Card Plants
      • Smart Card Participation Form
    • Security Advice for Mobile Phone Users
• Public Policy
•  

Certification Body

The security standards for smart card suppliers are defined by the GSM Association. The standards are summarised in the "GSM Association SAS – Smart Card Supplier Audit Standard" and the SAS Certification Body, which comprises GSM Association network operator members, is responsible for updating and distributing the security standards.

Updates to the standard normally arise from annual reviews which will involve the Certification Body, auditors and the smart card industry. Where interim threats are identified ad hoc meetings are convened to facilitate the necessary updating of the audit documentation.

Aside from maintaining the SAS documentation, the SAS Certification Body ensures audits are correctly conducted. The Certification Body receives the audit report from the audit team and ultimately decides whether or not the supplier is awarded SAS certification.

The Certification Body delegates responsibility for organizing and scheduling of audits to the GSM Association, which provides the audit methodology, standard and contractual documentation to participating suppliers.