This article is only available in Dutch 🇳🇱
ISO 27001 and NEN 7510 certified. What exactly does that mean? This makes us one of the few digital agencies that meet the worldwide standard for information security. An important step, allowing us to give our customers even more confidence.
Information security is a high priority for us, and with the certificates we have obtained, we meet the legal requirements and contractual obligations. A fine realization moment: our processes were generally already running in line with the set standards.
In the FinTech and insurance corner, security and privacy are most important. To get this right, it is essential to gain insight into risks, to register everything and to learn from it. What helps us enormously with this and what is also an important factor, if you want such a certification process to succeed, is that we do this with the entire organization. Information security cannot be something for just the IT or marketing department. It only works if we collectively and consistently adopt the same approach. Our company consists of a club of incredibly loyal and motivated people who, always have, all proactively put their backs into it. In addition to our customers, this also gives us a great deal of confidence.
ISO 27001: information security super important, but far from being a priority everywhere
As digital activities increase, so do the number of threats and risks. Still, far from every company has its focus on security. Working with company and privacy-sensitive information is still reasonably easy for start-up companies. It becomes more difficult when the company grows rapidly and more balls have to be kept in the air. Consequently, it is often the larger companies that possess certificates; often companies choose certification in order to be able to close large contracts, where this is a requirement.
NEN7510: the extra layer of security when processing patient data
In the healthcare sector, where patient data is processed, it is a legal requirement to have NEN 7510. A specific certification that we have obtained for that purpose, because more and more clients in the healthcare sector are joining. This certificate is like an extra layer of security. With it we demonstrate that all data is safe and that everything is done according to the laws and regulations. Think about the handling of data, anonymization and log files.
For many companies, including digital agencies, there is no requirement for certification, even from clients. If something goes wrong, you are left scratching your head. For us this has always been an important motivation to pay a lot of attention to this and to have this in order.
Plan Do Check Act principle
Incidents, you can't escape them. They just happen, everywhere. The question is what you do with it afterwards, how you record it and how you ensure that the same thing doesn't happen again. We do this using the Plan Do Check Act principle; we plan our processes and actions, we carry them out in our daily work, we monitor and assess these processes and make adjustments where necessary.
Guidance from specialized companies
During the certification process, to make sure that everything followed the correct guidelines and was as efficient as possible, we enlisted the help of Vos Orbedo for support and Brand Compliance for certification.
