Elatec CSS is ISO/IEC 27001 certified

Elatec is proud to announce its achievement of ISO/IEC 27001:2013 certification for Information Security Management. By achieving the internationally recognized ISO/IEC 27001 certification, Elatec has demonstrated its commitment to Information Security Management.

ISO 27001 is the international standard which is recognized globally for managing risks to the security of information. Certification to ISO 27001 allow us to prove to our clients and other stakeholders that we are managing the security of information.

ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes. According to its documentation, ISO 27001 was developed to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.”

Adding this certification to the credential, along with the GSMA SAS achievement – 2 years recertification awarded of this year, shows Elatec’s commitment to continuous improvement in Information Security standards as UICC products supplier.

As a regional leader in smart card manufacturing Elatec’s management recognize the benefits of ISO 27001, and in 2016 it was decided to take first steps towards 52certification.

Shortly after the set goals, a pre-assessment was performed for the system, when weaknesses and omissions was identified.

The team established strategy and soon condition for the first stage certificate were fulfilled. Focus on the first stage was on a documentation review, identifying processes established by our team and procedure related to them.

As result of first audit stage, the certification body propose a period of 3 months to fulfill necessary conditions for ‘Stage 2’ audit, which according to the auditors was great achievement for a newcomer in ISO 27001 certification. A Corrective Action Plan was identified for the second stage, and hard work was in front of our team.

In a very short period of time, we successfully meet all the requirements, and get green light for ‘Stage 2’ audit.

In 2017 ‘Stage 2’ of the certification process take place, where the auditors meet the management and staff. This time, the focus was on management reviews, internal audits, and the determination that organization really lives according to the established processes and procedure.

The audit was successfully performed by the whole team, and in November 2017 Elatec was awarded the certificate.