After passing its annual audit for PCI DSS certification by the global credit card industry, Lufthansa Systems has received re-certification of its infrastructure operations in accordance with the ISO 27001 standard. Lufthansa Systems therefore meets the highest standards of information security.

For the ISO 27001 certification, Lufthansa Systems’ IT infrastructure, applications, data center and various processes were reviewed. This was the first time that the areas of storage & backup, SIEM (Security Information and Event Management) and the Governor solution were included in the audit to ensure that the complete infrastructure was covered. SIEM solutions analyze security alarm signals from the hardware, software and connected applications in real time, while Governor is a security management system for handling access permissions. The new ISO certificate is valid for a period of three years, during which its effectiveness is checked by conducting annual surveillance audits.

ISO/IEC 27001 is an internationally recognized standard that specifies the requirements for an information security management system (ISMS). An ISMS comprises the procedures and rules within a company for defining, controlling, maintaining and continually improving information security. In Germany, these audits are carried out by the German Association for the Certification of Management Systems (DQS).

During a PCI DSS (Payment Card Industry Data Security Standard) certification audit, external Qualified Security Assessors review over thirty infrastructure and application areas for compliance with the security standards. The major payment organizations established the standard to counteract the growing incidence of credit card data abuse. The standard defines almost 400 detailed sets of requirements and security rules for the processing of credit card data.

“The certificates from external auditors confirm our commitment to the high security standards we implement anyway at Lufthansa Systems,” said Bardo Werum, Senior Vice President Infrastructure at Lufthansa Systems. “Information security is attracting a growing amount of attention, and standards like ISO 27001, PCI DSS or PS951 are frequently a component of large-scale bids and therefore a decision-making criterion for customers. By undergoing these audits, we are demonstrating our trustworthiness to customers while also ensuring that we remain internationally competitive.”

Print this article - Send this article