Information Security & ISO/IEC 27001:2005 Certification
Numerex is the first machine-to-machine (M2M) service provider in North America awarded the prestigious ISO/IEC 27001:2005 (“ISO 27001”) information security-related certification. We follow an ISO-sanctioned systematic approach in the implementation of security controls, which encompass people, processes and IT systems. ISO certification means the M2M data that we process and transport on behalf of our customers maintains the strictest levels of confidentiality, integrity and availability.
While there is no single silver bullet when it comes to information security, ISO 27001 is rapidly gaining acceptance and provides a common frame of reference throughout the world. It also aligns very well with many other standards, making it the cornerstone of a comprehensive security plan.
Our ISO 27001 certification facilitates compliance not only with the Sarbanes-Oxley Act of 2002 (SOX), but also with an array of information security-related legislation and regulations in Numerex’s markets, such as utilities (NERC CIP cyber security mandates), financial services (GLBA and PCI DSS), healthcare (HIPAA), government (FISMA), and across markets (state laws governing security breach notification).
In much the same way that ISO 9001 says, “We are a quality organization,” ISO 27001 indicates that information security is of paramount importance to the organization. From our people to our processes to our technology, Numerex takes a proactive path to security.
NERC: North American Electric Reliability Corporation
CIP: Critical Infrastructure Protection – the eight cyber security standards provide “good housekeeping” requirements designed to lay a solid foundation of sound security practices for the North American bulk power system
GLBA: Gramm-Leach-Bliley Act of 1999
PCI DSS: Payment Card Industry Data Security Standard of 2004
HIPAA: Health Insurance Portability and Accountability Act of 1996
FISMA: Federal Information Security Act of 2002
State laws governing security breach notification: although California’s data breach notification law of 2002 has received a lot of attention, many other states have enacted similar laws.
Numerex is a public company and compliant with the SOX requirements.