EVesto Achieves ISO 27001 Certification

EVesto, a leading player in the Electric Mobility Sector, proudly announces its achievement of the ISO 27001 certification, an internationally recognized standard for information security management systems (ISMS). This significant milestone showcases the company’s dedication to safeguarding data and ensuring top-notch security.

ISO 27001 is the gold standard in information security, providing a systematic approach to managing sensitive company and customer information. It incorporates stringent requirements around data management, risk assessment, and implementation of security measures. By meeting these requirements, EVesto affirms its ongoing commitment to the confidentiality, integrity, and availability of information.

Commitment to Security and Trust

With cyber threats becoming increasingly sophisticated, businesses are required to implement measures that address current risks and anticipate future challenges. EVesto’s successful ISO 27001 certification process involved rigorous auditing of its practices, policies, and infrastructure to ensure the highest level of information security. The certification confirms that the company has a robust framework to protect against threats and secure data for internal operations and customers.

“Achieving ISO 27001 certification is a testament to our commitment to providing our clients and partners with the confidence that their information is secure,” said Riccardo Becker, CMO. “We understand that trust is critical in our industry, and this certification solidifies our pledge to uphold the highest standards of information security.”

Benefits for Clients and Partners

The ISO 27001 certification enhances internal security and brings value to clients and stakeholders. Customers can rest assured that EVesto has implemented an internationally verified set of best practices that reduce the risk of data breaches and cyber threats. It also means the company can respond quickly and efficiently to potential security incidents, minimizing potential impact.

By obtaining ISO 27001, EVesto is well-positioned to help partners and customers meet regulatory requirements, build trust, and foster relationships based on transparency and security excellence. The certification reinforces the company’s commitment to proactive risk management and robust data handling practices.

What Is ISO 27001?

ISO 27001 is an internationally recognized standard for managing information security risks. It establishes a framework for assessing risks, implementing appropriate controls, and continuously improving information security practices. This helps organizations safeguard sensitive information—from financial data and intellectual property to employee records and client information.

Moving Forward

The journey towards ISO 27001 compliance is ongoing, and EVesto is committed to continuous improvement. The company looks forward to the next audit cycle, confident in its ability to maintain the high standards ISO 27001 demands.

Learn more about ISO 27001 here: https://brandcompliance.com/diensten/iso-27001-certificering/

Exploring EVesto's Strategy for Secret Rotation

As the adoption of electric vehicle (EV) chargers continues to surge, it’s crucial to recognize the escalating security risks associated with these devices. Numerous studies highlight the potential threats of using chargers without passwords or relying on unsecured HTTP connections. Thankfully, the potential for charger firmware to mitigate these risks is high and largely depends on Charge Point Management System (CPMS) capabilities. EVesto, developed using the ‘security by design’ principle, is here to transform the landscape.

The ‘Security by Design’ Principle

In essence, this principle means that security best practices are integral at every stage of development, right from the conception of the idea to its operational phase. The ‘security by design’ approach is embedded in the software code and extends to supporting security features for EV chargers.

One such feature is ‘rotating secrets,’ a prevalent practice in software development and cloud services. This procedure involves maintaining two secrets – let’s term them Secret A and Secret B. Initially, the device gets configured with Secret A. When the secret is due for a change or compromised, the device switches to Secret B. Secret A can then be safely discarded and regenerated, completing a full cycle of secret rotation.

EVesto’s Strategy for Secret Rotation

When an EV charger is onboarded on the EVesto platform, it receives two secrets – Secret A and Secret B. Initially, the charger gets provisioned with Secret A. Most chargers support the OCPP security profile 2, defined by the Open Charge Alliance in ‘Improved Security for OCPP 1.6-J,’ which enables the ChangeConfiguration command. From the EVesto portal, the new secret is provisioned using this command, followed by a Reset. Once the charger reconnects, Secret A can be rotated within the portal, enhancing the security of the charger.
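The two-slot cycle described above, sketched from the CPMS side as an added example; this is not EVesto's code. The class and helper names are hypothetical, and `AuthorizationKey` is the configuration key the Open Charge Alliance whitepaper defines for the Basic-auth password (the page does not name it), assumed here to be 40 hex characters.

```python
import hmac, json, secrets, uuid

def new_secret() -> str:
    # 20 random bytes as 40 hex characters (assumed AuthorizationKey encoding)
    return secrets.token_hex(20)

def call(action: str, payload: dict) -> str:
    # OCPP-J CALL frame: [MessageTypeId 2, UniqueId, Action, Payload]
    return json.dumps([2, str(uuid.uuid4()), action, payload])

def same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

class ChargerSecrets:
    """Hypothetical CPMS-side record for one charger: slots A and B."""

    def __init__(self):
        self.slots = {"A": new_secret(), "B": new_secret()}
        self.active = "A"    # slot the charger was provisioned with
        self.pending = None  # slot pushed to the charger, not yet seen on reconnect

    def begin_rotation(self) -> str:
        """Frame that pushes the standby secret over the current session."""
        self.pending = "B" if self.active == "A" else "A"
        return call("ChangeConfiguration",
                    {"key": "AuthorizationKey", "value": self.slots[self.pending]})

    def on_change_result(self, status: str):
        """Handle the charger's reply; return a Reset frame or None."""
        if status not in ("Accepted", "RebootRequired"):
            self.pending = None  # charger kept the old key, abandon this rotation
            return None
        return call("Reset", {"type": "Soft"})

    def authenticate(self, password: str) -> bool:
        """Check the Basic-auth password presented on (re)connect."""
        if self.pending and same(password, self.slots[self.pending]):
            old, self.active, self.pending = self.active, self.pending, None
            self.slots[old] = new_secret()  # retire old secret, refill standby slot
            return True
        # The old secret stays valid until the charger proves it holds the new
        # one, so a failed update cannot lock the charger out.
        return same(password, self.slots[self.active])
```

The old secret is regenerated only after the charger reconnects with the new one, which matches the order the portal procedure follows.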

Automating Secret Rotation: The Next Step

While this is a critical first step towards increasing security capabilities on the EVesto platform, the subsequent phase would be automating the secret rotation. This step could significantly enhance the security level of your CPMS connection. With several new features in the pipeline, we’re excited about the transformative potential that EVesto brings to the charger security space. Stay tuned as we share more updates and innovations in the coming weeks.

As EV chargers become integral to our everyday lives, ensuring their security is paramount. With innovative solutions like EVesto, developed using the ‘security by design’ principle and advanced features such as secret rotation, we can navigate these challenges and secure a safer, smarter future for EV charging.