SAS Auditors
The audit team consists of two independent auditors who conduct the audits by reviewing documentation, conducting interviews with key individuals and carrying out tests in key areas. The independence of the audit team is of paramount importance to the integrity of the scheme. It is recognised that the chosen audit companies must be professional in the conduct of their business. To ensure the GSM Association secures the services of the best qualified and most professional auditing companies a competitive tender is periodically conducted to invite proposals for the provision of security audits of smart card suppliers at an international level.
The key responsibilities of the auditors are:
- Development and maintenance of the formal documentation specifying the issues that are covered during security audits
- Preparation of the audits with the suppliers
- Conduct of the security audits themselves
- Provision of a report for each audit detailing results and recommendations
The main criteria, (which shall not be deemed to be an exhaustive list), which the auditors must fulfil are:
- Capacity to cover all security issues necessary to conduct a security audit
- Capability of the auditor to conduct audits in various global environments
- Credibility of the auditor (references) and of the employees who are in a position to realise the audits
- Independence from main GSM suppliers#
- Cost of the proposal Commitment of the auditor to conduct at least five security audits over a one year period
The auditing companies currently selected by the GSM Association are Fraud Management Limited and ChaseWaterford
