News | January 14, 2014

Elster Achieves ISO 27001 Certification For Information Security Management

Elster is pleased to announce that its production and provisioning environments have achieved certification to the ISO/IEC 27001:2005 (ISO 27001) standard for information security. This includes Elster EnergyICT's cloud-hosted Software as a Service (SaaS) solutions for energy management, monitoring and analytics, as well as Elster's complete portfolio of smart metering products addressing each stage of the energy value chain. ISO 27001 accreditation means that customers and their end users are assured that their information assets are secure and managed in accordance with the strictest international standards.

Published by the International Organization for Standardisation (ISO) and the International Electrotechnical Commission (IEC), ISO 27001 is the only auditable international standard defining the requirements for an Information Security Management System (ISMS). With a growing number of organizations specifying this designation as part of procurement, Elster's accreditation under ISO 27001 provides independent verification that the company's comprehensive range of market-ready energy management and smart-metering solutions, hosting and production environments meet corporate governance and business continuity requirements. It also confirms that risks are properly identified, assessed and managed via formal information security processes, procedures and documentation, under a programme that is audited regularly by an independent party.

"The need for security in smart metering is well understood, but ensuring security end-to-end means addressing potential issues at every stage of the supply chain," states Michael John, solutions manager, Elster. "ISO 27001 certification assures all stakeholders (utilities, meter network operators, consumers) that Elster has robust controls, processes and formal documentation in place, that we manage risk appropriately, and that we have the necessary controls and documentation to ensure the physical security of assets and personnel, and to manage change. Crucially, it demonstrates that we have a formal programme in place to support our core goal of achieving security by design across all of our energy management and smart metering solutions for electricity, gas, and water."

From advanced meter infrastructure (AMI), smart gas, water and electricity meters, to interactive in-home displays and remote meter data management applications, Elster's market-leading portfolio is helping some of Europe's largest and most innovative utilities and organisations to implement new services and benefit from actionable information on-demand. Elster EnergyICT's industry-leading platforms include Enacto, which delivers actionable energy intelligence for multi-site commercial companies, and EIServer, which supports utilities and smart metering applications. Elster EnergyICT's SaaS environment runs from two physical data centres with full redundancy and failover capabilities.

"ISO 27001 will in some cases be a prerequisite for smart metering applications, due to mandated security requirements in respect of managing customers' meter data and provisioning the internal certificate authority service for authenticating firmware," continues John. "Elster is compliant in the way we manage security risks, especially new threats that emerge, and how these are captured, controlled, and communicated to customers. We monitor for announcements by vendors, capture all alerts and updates from national agencies and security groups, and run a comprehensive set of risk and penetration tests to analyse and assess risk both internally and externally. This ensures our smart metering and SaaS environment meets EU requirements for data security and privacy."

SOURCE: Elster