Increasing smart card security, lowering business risks
The smart card (or SIM card) in GSM devices plays a fundamental role in ensuring the security and integrity of mobile services, subscriber accounts and related services and transactions. To safeguard the integrity of the smart card, and the associated authentication data, it is essential that smart card suppliers’ manufacturing environments are secure.
The GSMA’s Security Accreditation Scheme (SAS) enables all GSM operators, regardless of their resources or experience, to assess smart card suppliers’ security. The SAS is a voluntary scheme through which suppliers subject their production sites and processes to a comprehensive security audit. Successful sites are awarded security accreditation for a period of two years. The scheme benefits both smart card suppliers and network operators in the following ways:
Advantages to suppliers
- Demonstrates commitment to security and reduces risks for customers
- Means fewer individual operator inspections
- Provides certification from the world’s leading wireless industry representative body
- Delivers a world-class security review of operations
- Offers a uniform approach to security audits
Advantages to mobile operators
- No need to spend money and time conducting individual audits
- Audits are conducted by highly-qualified individuals at no cost to the operator
- The scheme sets a rigorous security standard requiring a high-level of supplier commitment
- Offers peace of mind that suppliers have implemented appropriate security measures
SAS audits of smart card manufacturing sites cover the following areas
- Security policy, strategy and documentation
- Security organisation and responsibility
- Information security
- Personnel security
- Physical security
- Production data management
- Logistics and production management
- Computer and network management
The GSMA developed the smart card supplier auditing standard and methodology in collaboration with smart card suppliers and world-class security auditing companies FML and ChaseWaterford, which conduct the audits on behalf of the GSMA. A certification body is maintained within the GSMA to oversee and develop the scheme and to formally award accreditation. A brochure describing the scheme is available here.
The GSMA widely publicises supplier sites that gain accreditation under the scheme, highlighting to its members the benefits of acquiring smart cards and other products from such sites. GSMA also provides advice to its members on how to use SAS. Accredited suppliers may use the special SAS supplier logo on their promotional materials, increasing visibility of their accredited status among mobile operators.
The Security Accreditation Scheme is well-established and has accredited some of the industry’s largest smart card suppliers. The scheme is currently open to all smart card suppliers, regardless of location, and the GSMA welcomes the participation of all interested parties.
For further information, or to register an interest in participating in SAS, contact the GSMA by completing an online form or sending email to sas@gsma.com.
