Security is Gemalto’s core proposition. It is also critical for us as a source of trust. We aim for excellence in the integrity and confidentiality of all assets and data that belong to our company and customers. We achieve this through programs that help our employees maintain the highest levels of digital and physical security. One example is the way we include operational security managers in all our software development teams.
Our security strategy has four main strands:
- Business units and Research & Development;
- Sites and production;
Within each of these areas, we:
- Harmonize security policies and processes – building common security governance at all Gemalto sites;
- Target protection based on asset value – using risk assessment to protect sensitive data and validate solutions proposed by the business;
- Insist on widespread accountability – making security everyone’s business and using internal audits to plan for improvement;
- Conduct security awareness training for end-users and managers – developing security rules for specific teams;
- Develop incident prevention and management practices.
At a corporate level, we maintain a full risk register that we constantly update. In 2012, we updated our strategic security agenda. This took our risk register into account and also integrated risks identified in our new businesses. The main aim was to assess major risks and to develop resilience. This is especially important in areas such as the internet and wireless connectivity, where security is paramount.
Through regular assessments we also ensure that our internal security standards and policies meet or exceed regulatory requirements. Each year we use external tools to audit our quality and security systems against ISO and market-specific standards. At all R&D, production and personalization sites we maintain external certification through companies such as Visa and MasterCard as well as ISO 27001 for some of our sites. In 2012, we audited the security of the companies we have recently acquired and set up action plans where necessary.