ISO/IEC 27001:2005 Certification


Numerex is the first machine-to-machine (M2M) service provider in North America awarded the prestigious ISO/IEC 27001:2005 (“ISO 27001”) information security-related certification. We follow an ISO-sanctioned systematic approach in the implementation of security controls, which encompass people, processes, and IT systems. ISO certification means the M2M data that we process and transport on behalf of our customers maintain the strictest levels of confidentiality, integrity, and availability.

While there is no single silver bullet when it comes to information security, ISO 27001 is rapidly gaining acceptance and provides a common frame of reference throughout the world. It also aligns very well with many other standards, making it the cornerstone of a comprehensive security plan.

Our ISO 27001 certification facilitates compliance not only with the Sarbanes-Oxley Act of 2002 (SOX), but also with an array of information security-related legislation and regulations in Numerex’s markets, such as utilities (NERC CIP cyber security mandates), financial services (GLBA and PCI DSS), healthcare (HIPAA), government (FISMA), and across markets (state laws governing security breach notification).

In much the same way that ISO 9001 says, “We are a quality organization,” ISO 27001 indicates that information security is of paramount importance to the organization. From our people to our processes to our technology, Numerex takes a proactive path to security.

U.S.-E.U. Safe Harbor Framework Certified


Numerex joins an elite circle of companies that have established official recognition for their controls and procedures in handling private information and sensitive data.

The European Commission’s Directive on Data Protection went into effect in October of 1998, and would prohibit the transfer of personal data to non-European Union countries that do not meet the European Union (EU) “adequacy” standard for privacy protection. While the United States and the EU share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the EU.

In order to bridge these differences in approach and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a “Safe Harbor” framework and this website to provide the information an organization would need to evaluate – and then join – the U.S.-EU Safe Harbor program.

The U.S. Department of Commerce in consultation with the Federal Data Protection and Information Commissioner of Switzerland developed a separate “Safe Harbor” framework to bridge the differences between the two countries’ approaches to privacy and provide a streamlined means for U.S. organizations to comply with Swiss data protection law. This website also provides the information an organization would need to evaluate – and then join – the U.S.-Swiss Safe Harbor program.

NERC: North American Electric Reliability Corporation

The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the reliability of the bulk power system in North America. NERC develops and enforces Reliability Standards; annually assesses seasonal and long‐term reliability; monitors the bulk power system through system awareness; and educates, trains, and certifies industry personnel. NERC’s area of responsibility spans the continental United States, Canada, and the northern portion of Baja California, Mexico. NERC is the electric reliability organization for North America, subject to oversight by the Federal Energy Regulatory Commission and governmental authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the bulk power system, which serves more than 334 million people.