News

Revised ISO 27001 now accepted in Europe too

There is now a European version of the revised standard for information security management systems ISO/IEC 27001 that was updated last year. This European version is identical to the global version, with the addition of a European preface.

Five questions about the revised ISO 27001:2022

The recent revision of ISO 27001:2022 has led to changes and new opportunities for organizations involved in information security. We asked Marjolein Veenstra, Kiwa's scheme manager for ISO 27001, to delve deeper into the implications and benefits of this revision.

UK also introduces security regime for connectable products

Following in the European Union's footsteps, the United Kingdom has unveiled its own comprehensive cybersecurity requirements for connectable products. While the EU's requirements are slated to take effect on 1 August 2025, the UK's security framework is set to take effect earlier, starting from 29 April 2024.

Kiwa and Hudson Cybertec join forces in cybersecurity training programs

Starting this summer, testing, inspection and certification specialist Kiwa and cybersecurity expert Hudson Cybertec are partnering to offer global training programs on the cybersecurity of Operational Technology (OT). Hudson Cybertec has been part of the Kiwa Group since last year and both companies complement each other seamlessly in terms of security and certification services. Now, their collaboration is being intensified in the field of training.

UPDATE: RED Delegated Act: Mandatory compliance to articles 3.3 d, e and f

On 29 October 2021, the European Commission adopted the RED Delegated Act activating Article 3.3 (d), 3.3 (e) and 3.3 (f) for both consumer and professional/industrial products (C(2021) 7672 1). On 12 January 2022 this supplement to the RED was officially published in the Official Journal of the European Union.

Kiwa appointed as a Notified Body for RED articles 3.3 d/e/f/g and 3.4

Kiwa is one of the first organizations to be officially listed by the European Commission as a Notified Body for Articles 3.3 d/e/f/g and 3.4, the latest activated articles of the Radio Equipment Directive (RED) (2014/53/EU). After a thorough audit procedure, Kiwa has passed all criteria and has been granted the Notified Body status, now under the sharpened rules, for RED Article 3.3 d/e/f/g and 3.4.

‘ISO 27001 gives us that crucial edge over the competition’

Dutch start-up Nedscaper provides Managed Extended Detection and Response (MXDR) services from the cloud. With this, the young company fully relieves customers when it comes to detecting and limiting cyber risks. Nedscaper also supports organizations that want to organize their own cyber security and provides compliance services. Lead compliance consultant Steijn Scheutjens explains how Nedscaper deals with digital information and recently saw its efforts in this area awarded with an ISO 27001 certification.

Kiwa certifies Amsterdam UMC for ISO 27001 and NEN 7510

There are few sectors where privacy and information security have a higher priority than in healthcare, where almost all processed and recorded data is confidential. Recently, Amsterdam UMC - the merger organization of AMC and VUmc - certified with Kiwa for the ISO 27001 and NEN 7510 standards. Marcel van der Haagen, data protection officer at Amsterdam UMC, elaborates on this.

In 7 steps towards ISO 27001:2022

ISO 27001, the globally recognized standard for information security, underwent an update. The revised standard ISO 27001:2022 was published on 25 October 2022 and contains several technical corrections and a completely revised Annex A. A transition period of three years applies to the renewed standard, which means that certified organizations must have transferred by November 1st 2025 at the latest. Below are the seven necessary steps before executing the transition audit.

IT assurance reporting increasingly popular, but what exactly is it?

The growing number of requirements for information and IT security prompts more and more organizations to demonstrate that they have done everything within reach to comply with applicable laws and regulations and that they work according to recognized quality and information security standards. In addition to certification in accordance with the ISO 27001 standard for information security, an increasing number of organizations are opting for IT assurance reports such as ISAE 3402 and SOC 2.