| Feature | Benefit |
|---|---|
| GSMA SAS-UICC Readiness & Audit Support | Gap analysis against the latest GSMA SAS-UICC requirements for the Production Site. |
| | Remediation Plan Development for physical security (High-Security Area design, access matrix) and logical security (Key Management System, data separation). |
| | Serving as a Liaison for Certification Auditors to streamline the dry and wet accreditation process. |
| Integrated ISMS (ISO 27001) Implementation | Designing and implementing a comprehensive Information Security Management System (ISMS) tailored to the manufacturing environment. |
| | Risk Assessment and Treatment methodology development, focusing on threats specific to embedded security elements (e.g., data leakage). |
| | Establishing the mandatory Statement of Applicability (SoA) and continuous compliance monitoring programs. |
| Personnel Security and Awareness | Developing role-based security training programs specific to the high-security production floor and personalization data management (SPDM) teams. |
| | Implementing and auditing the "Four-Eyes Principle" (4EP) for all critical security processes, including key generation and destruction. |

| Feature | Benefit |
|---|---|
| Secure Personalization Data Flow Architecture | Consulting on the secure design and logical separation of the Sensitive Process Data Management (SPDM) System from the general IT network. |
| | Implementing Cryptographic Key Management procedures and tools for protecting customer keys and personalization data during transfer and storage (HSM configuration). |
| Production Lifecycle Traceability & Control | Designing a robust Work in Process (WIP) tracking system that ensures continuous material reconciliation between every machine and process step (e.g., from milling to embedding to personalization). |
| | Defining Secure Destruction Procedures for rejected or surplus sensitive material (Class 1 assets), including the use of certified destruction equipment and auditable logs. |
| Quality Assurance (QA) and AQL Customization | Establishing the mandatory Statement of Applicability (SoA) and continuous compliance monitoring programs. |
| | Developing Quality Control (QC) protocols that align with GSMA's quality expectations for SIM cards, including the use of Acceptable Quality Limit (AQL) plans for various stages of production. |

| Feature | Benefit |
|---|---|
| Secure Logistics & Transit Protocols | Creating end-to-end secure logistics procedures for the transport of both sensitive physical goods (finished SIMs) and sensitive data (output files). |
| | Developing requirements for Secure Transport Vehicles (e.g., armed guards) and protocols for the simultaneous, secure delivery of physical goods and their corresponding cryptographic data files. |
| Business Continuity and Disaster Recovery (BCDR) Planning | Developing Business Continuity Plans (BCP) and Disaster Recovery (DR) plans that meet ISO 27001 A.17 standards. |
| | Focusing on the rapid recovery of the Personalization Environment and the restoration of key cryptographic assets. |
| Supplier Risk Management (ISO 27001 A.15) | Implementing a third-party risk management program to assess the information security compliance of key raw material vendors (e.g., PVC cards and module suppliers). |
| | Establishing Service Level Agreements (SLAs) with security requirements for outsourced services, ensuring the factory's security perimeter extends to its supply chain partners. |