ISO/IEC 27001:2013 –Information Security Management Systems 

IRIS Corporation Berhad (IRIS) has been awarded the ISO/IEC 27001:2013 certification in recognition of its standardized best practices and effective information security management system (ISMS) for digital identity security across the organisation.

The ISO/IEC 27001:2013 certification demonstrates IRIS’S obligation to leverage on domestic and international expertise to embrace global standards of service provision in compliance with applicable regulatory requirements to further its business objectives and scientific goals, and provide superior quality to its sponsors.

The standard ensures controls are in place to reduce the risk of security threats and to avoid system weaknesses being exploited. It will also help IRIS to develop a business continuity plan that will minimize impact of any security breaches.

IRIS recognises the important of this certification and acknowledges that ISO/IEC 27001:2013 will ensure employees in the organisation-from management to technical staff-to get on the same frequency regarding goals, individual duties, improving communication and ultimately results.

In summary, this achievement signifies IRIS’S commitment to deliver the highest quality information security management system for our customers worldwide.

ISO 9001:2015 – Quality Management Systems

ISO 9001:2015 sets out the criteria for a quality management system and is the only standard in the family that can be certified to (although this is not a requirement). It can be used by any organization, large or small, regardless of its field of activity.

In fact ISO 9001:2015 is implemented by over one million companies and organizations in over 170 countries. Where any requirement(s) of ISO 9001:2015 cannot be applied due to the nature of an organization and its product, this can be considered for exclusion.

The standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. Using ISO 9001:2015 helps ensure that customers get consistent, good quality products and services, which in turn brings many business benefits.

AMEX (American Express) – Certified to personalise credit and debit cards

American Express, also known as Amex, currently has over 109.9 million cards running on its proprietary network, these include consumer, small business and corporate cards issued by American Express themselves and cards issued by its Global Service Network partners that run on its network (Such as Westpac and NAB in Australia and Lloyds Bank and Barclays Bank in the UK). American Express is also the largest card issuer in the world based on purchase volume and it is the 4th largest card issuer in the world, based on the number of cards it has personally in circulation.

MEPS (Malaysia Electronic Payments Scheme) – Certified to personalise ATM cards

In this national initiative, MEPS was responsible for the development of the technical standards and specifications for the smart cards, card acceptance devices, loading and communication protocols, technical integration support and coordination of the card supply and personalisation operations.

Today, MEPS is the sole certification authority in Malaysia for the Payment Multipurpose Card (PMPC) scheme in particular for the certification of the ATM/e-Debit cards and personalisation centres. These certifications are undertaken to ensure that the cards issued by member banks are in compliance with the technical and security standards specified in the PMPC ATM/e-Debit Application Specification and the cards are personalised in a trusted and secured personalisation centre. The detailed verification and validation during MEPS certification process give card issuers (i.e. banks) a high degree of confidence when issuing MEPS’ certified cards and subscribing to the services of MEPS’ certified personalisation centres.

In addition to certification, MEPS also manages the business and technical process of Key Management Business i.e. key distribution, key transfer for financial institutions, vendors and business partners and functions as the one-stop centre for the generation of card personalisation files i.e. fabrication files, crypto key management etc. MEPS complies with the latest security procedures which are industry best-practice to ensure that card information is kept secure and tamper-proof during the course of a transaction.

Europay, MasterCard and Visa (EMV) – Certified to personalise both credit and debit cards for the banking sector

Compatible terminals enable card dipping for chip and PIN or chip and signature authentication. EMV cards can also support contactless payment through near-field communication (NFC) wireless connectivity. When a customer inserts or taps the payment card, the terminal communicates with the card issuer’s system for authentication and a single-use transaction code is issued. The customer inputs their PIN or signs to provide two-step verification. PIN entry is considered more secure because it also provides two-factor authentication: something the user has (the card) and something the user knows (the PIN).

ISO 14298:2013 (INTERGRAF) – Security Management System for Secure Printing 

Intergraf ISO 14298 specifies requirements for the management of security printing processes.

Our commitment to the Intergraf ISO 14298 security management system, together with active and proactive risk management, enhances our strength and resilience to risk and potential threats.

At IRIS, the Intergraf ISO 14298 certification extends trust and demonstrates our competence, particularly in:

  • Aligning with the industry standard for quality and information security management (ISO 14298 aligns with ISO 2700);
  • Supporting most, if not all, preferred supplier status and/or tender responses;
  • Clearly setting out how to address and manage the key security printing or supplier requirements;
  • Demonstrating how information and printing/supply chain systems are safeguarded;
  • Helping us and our customers to prepare for the unexpected; and
  • Securing market differentiation.

ISO 14001:2015 – Environmental Management Systems

IRIS’ Environmental Management System (EMS) Policy & Objectives

IRIS is committed to the design, development, manufacture, and application of secure identification products and solutions while ensuring the environment is protected and that compliance obligations are fulfilled.

In continually improving the environmental management system and protection of the environment, including preventing pollution, IRIS has set the following objectives:

  1. Reduction of hazardous waste generation and the safe handling in the aspect of transportation and disposal of such waste;
  2. To achieve zero (0) major chemical spillage; and,
  3. To achieve zero (0) environmental management related fine or violation issued by authorities.
© Copyright - IRIS CORPORATION BERHAD 199401016552 (302232-X) CJ No: W10-1808-22000217 CP No: W10-1808-31016567 SEO Company


Stay up to date with IRIS news and information by subscribing to one or more of our services.


Stay up to date with IRIS news and information by subscribing to one or more of our services.