Easypaisa Mobile Banking Service is now ISO 27001:2005 certified

Telenor Pakistan has become the first Telecom Operator in Pakistan to have received the prestigious ISO/IEC 27001:2005 certification for Information Security Management System (ISMS) for mobile banking services.

After a robust and comprehensive ISO 27001 compliance audit performed by the Certification Body Moody International, which is accredited by UKAS (United Kingdom Accreditation Services), the ISMS for mobile banking services has been assessed and found compliant with all international requirements.

This certification will ensure secure and reliable mobile transactions through Tameer Microfinance Bank and Telenor Pakistan’s easypaisa.

Khalid Shehzad, Chief Technology Officer of Telenor Pakistan, said of the certification, “By having achieved this certification for easypaisa services, we have tried to offer to our external customers a secure, reliable and organized information security system that will give them the confidence to conduct their financial transactions without any hesitation.”

ISO 27001:2005 is an international code of practice for Information Security Management Systems that was established by the British Standard Institution in 2005. ISO 27001 represents the only auditable international standard to define the requirements for an Information Security Management System (ISMS).

The certification is awarded only if the Information Security Management System has a defined security policy and a defined ISMS scope, and the organization has conducted a thorough risk assessment and managed all identified risks. In addition, the certification directly benefits the customer by ensuring information security, transaction security and enhanced process efficiency.


  • H.

    Good to see Telenor taking this stuff really seriously. And this ISO programme is a good first step. However, these ISO certifications only formulate guidelines for implementation of security systems. So a company would just make a security policy, and then the certification would ensure that this company is following this policy strictly. But the question is, “what if the policy itself is flawed?” This standard only ensures that whatever Telenor’s perception of security is there, is being properly managed. For financial transaction security, perhaps Telenor is better off trying for a PCI DSS certification, which gives peace of mind to the end user that his transaction is 100% secure. The PCI DSS is an independent body set up through a collaboration of Mastercard, Visa and American Express. For those who would want to learn more:

    http://www.insight.co.uk/files/whitepapers/Using%20ISO%2027001%20for%20PCI%20DSS%20Compliance%20(White%20paper).pdf