Virta has successfully completed certification to the ISO/IEC 27001:2013 standard as of June 2019.
As the number of electric cars and charging stations increases and the power controlled via EV charging platforms rises, the associated risks become greater. The total power controlled via charging platforms can soon reach the power of a nuclear reactor, hence, any unauthorized misuse may have far-reaching effects. While the risks are unlikely to materialize, they have a potential to affect the charging infrastructure widely and thus cannot be ignored.
ISO-certified EV charging platform
The certification demonstrates that Virta has implemented an information security management system (ISMS) that meets the internationally recognized standard. Virta's ISMS will ensure that strict security controls are in place to protect customer data and ensure secure operation of Virta's products and services. Achieving and maintaining ISO 27001 certification demonstrates the company's commitment to providing secure products and services.
“Virta has for years been committed to providing a secure way to control and manage the electric charging infrastructure. Our approach to identify and manage security risks is proactive - we are actively looking for possible risks and designing controls to manage them without sacrificing usability. Activities have included regular security assessments, penetration tests, dedicated security resources and internal awareness programs.” says Harri Sinnelä, Security Manager of Virta.
“Information security is a major concern for any organization and a top-priority for Virta. Our customers simply need to be sure that their data is secured,” says Elias Pöyry, CBO of Virta. “Achieving the ISO 27001 certification highlights that we are determined to constantly improve both our technical and physical security to make sure that we are able to provide the most secure industrial-level EV charging platform."
ISO/IEC 27001:2013 is an internationally recognized security standard that provides requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Risk identification and management as well as proactive internal assessments are an essential part of the requirements set in the standard.