Tim Strong , Senior Security Manager for SITA Global Services, says with a growth in information and increasing security threats the aviation industry has a growing reliance on data.
Information security and air transport are inextricably linked. That is not only because of the mission-critical nature of much of the industry’s data but also because of air transport’s growing dependency on data, sharing and new digital ways of working. It’s why ISO27K is a critical standard for a global IT provider to achieve.
With aviation customers in every corner of the globe, SITA is only too aware that our industry today is not just about sharing network, infrastructure, platforms and technology. It’s about sharing data and know-how. Data has the potential to add more and more value at every interchange between the airlines, airports, ground handlers, border agencies and other stakeholders who make the journey happen.
We’re evolving our expertise with data-driven services, such as passenger flow management, flight prediction and operational business intelligence that rely heavily on data from various sources. Secure data sharing is crucial to the critical focus we’re placing on emerging ‘plug and play’ platforms that unite many stakeholders, as we strive to enable greater collaboration and secure data sharing across air transport operations.
ISO27K – the vital foundation for a data-driven air transport industry
It’s also why it’s nothing less than vital to have ISO27K security standard certification for our internal management processes, which in turn provide services to our customers the world over. As a global air transport IT provider, we regard information security management as a given, and we work hard to maintain our capabilities.
Operational excellence and the SITA Command Centers
ISO27K is an integral part of SITA achieving operational excellence, which we work towards in many areas within our organisation, for the benefit of customers. The ISO27K certification of our security processes provided by the SITA Command Centers (SCC) are also a key component of our enhanced security programme, given the intimate nature of the support services SITA provides to its customers.
The SCCs operate 24/7 using a follow-the-sun model and are an integral part of the services we provide to customers. The SCCs provide proactive management of applications and infrastructure to SITA’s customers globally. This includes airlines, airports and government bodies. Information security management is paramount.
One of the most globally recognised and accepted frameworks
The ISO standards provide one of the most globally recognised and accepted frameworks for the implementation of information security management and best practices. ISO27K underscores an accredited level of security posture, addressing the quality of the Information Security Programme together with the robustness of controls to mitigate the risk of cyberattacks.
ISO27K gives prominence to the fact that a security programme is well managed by specifying controls on risk, audit, executive management support and performance indicators. There are over 200 security related controls to the IS27K certification which provide both auditable and certifiable controls to ensure security quality.
The importance of ISO27K to air transport
The European Aviation Safety Agency (EASA), for example, estimates there are 1,000 cyberattacks on aviation systems each month. With a growth in data and increasing security threats, ISO27K in the air transport industry is now crucial in providing a common frame of reference for information security.
As a standard, ISO27K is well suited to ensuring the interconnected air transport industry ecosystem is adequately protected. Importantly, it covers a risk-based approach to implementing security and encompasses protecting information assets which is critical in the digital space we now operate in. Following a defined structured approach – with international recognition from the ISO – shows that an information security management system is truly fit for purpose.
Commitment to information security
At the same time, it demonstrates our commitment to information security, highlighting the fact that appropriate processes and procedures for information security management have been defined, documented and embedded in SITA’s practice and policies.
Importantly, we also help our airport customers achieve certification. SITA’s Airport Solutions Services for Changi Airport Group (CAG), for example, have met the ISO/IEC 27001:2013 certification. This specifies the requirements for establishing, implementing, maintaining and continually improving a security management system. It also covers the assessment and analysis of information security risks.
So it goes without saying that having been granted certification for SITA’s global IT Command Centers – which are critical to our airline, airport and other customers’ mission critical operations across the globe – we are proud to demonstrably show our commitment to data security. In an increasing data-driven digital air transport industry, we fully understand its significance for our many customers.