Suprema's Commitment to NIS 2 Compliance: Prioritizing Data Protection and Privacy
August 29, 2024

As a global leader of AI-based security solutions, Suprema is committed to complying with the increasingly stringent data protection regulations worldwide, including the NIS 2 Directive (Network and Information Systems Directive 2), a European Union directive that specifies cybersecurity requirements. Suprema prioritizes the protection of personal data and adheres strictly to both the NIS 2 and the General Data Protection Regulation (GDPR) to safeguard customer information.

 

Suprema’s Commitment to NIS 2 Compliance

Recognizing that the security of customer data is directly connected to the company’s trust, Suprema has implemented a series of measures to comply with the NIS 2 Directive. The NIS 2 Directive applies to sectors such as energy, transportation, banking, finance, digital infrastructure, and public administration services. Suprema ensures that its access control systems meet the requirements of the NIS 2 Directive when providing solutions in these specific fields. The company's leadership and board are actively involved in managing cybersecurity and physical security strategies, supported by a dedicated security organization that continuously evaluates, monitors, and mitigates risks in line with NIS 2 requirements. All products and services are developed under stringent security protocols, ensuring that critical data is encrypted during storage and transmission. Should any vulnerabilities be identified in its products, Suprema acts swiftly to address them and communicates these actions transparently.

In addition to strengthening physical security, Suprema rigorously protects sensitive areas such as data centers and R&D laboratories with biometric and card-based access control systems, ensuring strict control over access to offices and sensitive zones. The company’s key systems and services are monitored 24/7 by a dedicated security team, guaranteeing rapid detection and response in the event of a security incident. After an incident, detailed analysis and documentation are conducted to prevent recurrence and improve security posture. Suprema also ensures that its supply chain partners, outsourcing services, and third-party providers adhere to the same high security standards through regular security assessments. Employees receive ongoing security training to raise awareness of cyber threats, and the company continuously evaluates and updates its internal management plans and policies to comply with global security regulations.

 

How Suprema’s Hardware and Software Work Together to Ensure Data Security

Suprema’s access control hardware is designed from the early stages of development to prevent external hacking attacks and protect data. The company’s high-performance edge devices securely store and manage user and biometric authentication data at the edge, utilizing advanced security technologies to encrypt all sensitive data. These devices are equipped with Secure Element (SE) chips, which store encrypted personal data and cryptographic keys in an isolated location, preventing decryption in the event of a data breach.

Suprema applies robust data protection and cybersecurity measures in its software development as well. Suprema implemented ‘Secure Coding’ to prevent security vulnerabilities and uses ‘Secure Boot’ to ensure safe system startup by restricting the download of unauthorized software. Additionally, sensitive data is protected using AES-256 encryption and SHA-256 hashing, and the full lifecycle of encryption keys is securely managed through a Key Management Solution (KMS). Suprema also conducts regular static analysis and penetration testing, and collaborates with its information security team from the development stages to identify and mitigate security issues.

Even in AI-based biometric authentication data analysis R&D, Suprema remains committed to compliance with NIS 2. As Suprema advances in the analysis of biometric authentication data and continues to develop new AI solutions, strict adherence to NIS 2 guidelines is maintained throughout the entire process. All data used in AI research and development is transparently collected and processed in full compliance with GDPR and NIS 2. Data collection is based on user consent, and personal identifying information is protected through a thorough de-identification process. Additionally, to ensure the security of AI algorithms, Suprema conducts regular security testing and implements protective measures against potential threats. These steps are designed to maintain the reliability of AI algorithms while ensuring they can effectively respond to external attacks.

 

Suprema Helps Companies Adhere to GDPR and NIS 2 Regulations

Suprema's integrated security platform, BioStar 2, is designed to help customers build a robust security system that integrates both physical and cybersecurity. BioStar 2 adopts the latest security protocols and supports multi-factor authentication (MFA) to ensure the security of networks and IT systems. This prevents unauthorized access and strengthens data security. To further enhance the stability of BioStar 2, Suprema has implemented business continuity and crisis management plans to prepare for any cybersecurity incidents that may occur during platform operations. These plans ensure that the core functions of BioStar 2 continue to operate even during unexpected interruptions, guaranteeing swift and effective recovery. All data managed by BioStar 2 is securely protected using AES-256 encryption, one of the safest encryption methods currently available. This ensures that sensitive data remains safe from hacker attacks during storage and transmission. Additionally, Suprema conducts regular data security checks to continuously verify the integrity of the system and has established a framework to identify and respond to potential threats in advance. Thanks to its stable system design and security policies, BioStar 2 has established itself as a security solution that customers can trust. BioStar 2 offers the highest levels of stability and security in protecting customers' critical assets and data.

Suprema adheres strictly to GDPR and NIS 2 regulations across all stages of product development and operation. To demonstrate its global data security capabilities, the company regularly renews its ISO/IEC 27001 and ISO/IEC 27701 certifications. Recently, Suprema also acquired CSA STAR Level 2 certification to enhance cloud security and boost trust in data protection for biometric and personal information in cloud environments. As new IT technologies emerge and data protection demands intensify, Suprema invests significant time and resources in ongoing research and updating of its security policies. Suprema will continue to work tirelessly to provide secure and reliable security solutions to customers worldwide.