The GSMA’s SAS Certification Body, made up of GSMA operator members, has defined the security standard for UICC suppliers. This body is also responsible for maintaining and developing the security standard.
The Certification Body, the auditors and the UICC industry review and update the standard annually. As well as maintaining the SAS documentation, the SAS Certification Body ensures audits are correctly conducted. The Certification Body receives the audit report from the audit team and ultimately decides whether or not the supplier is awarded SAS certification.
The Certification Body delegates responsibility for organizing and scheduling of audits to the GSMA’s professional staff, which provides the audit methodology, auditing agreement and other documentation to participating suppliers.
