ISO 27001 certification
Belgian Mobile ID has received ISO 27001 certification for information security management for its itsme® solution.
Information security and confidentiality are a priority for Belgian Mobile ID, the consortium that created the digital identification application itsme®. The solution was certified ISO/IEC 27001:2013 by Certi-Trust™ on 11 October 2017.
The implementation of the ISO/IEC 27001:2013 standard aims particularly to ensure high availability of the services offered by the itsme® application as well as the confidentiality and integrity of its users' data.
A systemic approach
The ISO/IEC 27001:2013 standard proposes a systemic approach to security, by putting in place an information security management system (ISMS).
In other words, for itsme® it is not a matter of just putting in place ad hoc technical measures, but also organisational measures aimed at structuring the security management. And later, to guarantee continuous evaluation of its effectiveness.
For itsme®, security, privacy and an exceptional user experience are 3 key aspects. Information security and confidentiality are naturally a priority for the company and the team of Belgian Mobile ID. A rigorous information security management system (ISMS) enables the introduction of clear operational processes.
In practice, here are a few examples of measures that we have in place:
We encrypt all data flows without exception.
The personal data of our users is encrypted using a highly secure custom Hardware Security Module.
We have mirrored our data centres to ensure high availability.
We have put in place intrusion detection mechanisms.
We use only strong authentication for connectivity to our critical systems.
And Belgian Mobile ID undertakes to carry out an annual monitoring audit of those systems to ensure that they continue to be secure.