News

Kiwa officially accredited for ISO 27001:2022

The Accreditation Council (RvA) has accredited Kiwa as of the 1st of February 2023 for assessment according to the ISO 27001:2022 standard for information security. This means that as of the 1st of March 2023 Kiwa may issue recognized certificates according to the latest version of ISO 27001. A transition period of three years applies to ISO 27001:2022. Certified organizations must therefore have transitioned by the 1st of November 2025.

‘ISO 27001 certification solid basis for information security’

Since 1991 Dutch company H&R Business IT Solutions has been supporting organizations in developing and managing their complete IT environment. The Utrecht family business offers an extensive service portfolio to this end, varying from consultancy, project management, implementation and migration to workplace design and data and cloud solutions.

IECEE appoints Kiwa for the IEC 62443: Cyber security for Industrial Automation and Control Systems

The IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components (IECEE) recently appointed Kiwa to carry out assessments and certifications in the context of the series of standards IEC 62443. Kiwa was already partially accredited, but this accreditation has now been expanded to include even more parts of the standard. To qualify for this allocation, Kiwa successfully completed the IECEE Certification Body Testing Laboratory (CBTL) and National Certification Body (NCB) audits.

Transition to new version ISO 27001

The new version of ISO 27001 was published on 25 October 2022. A transition period of three years applies, so certified organizations must have switched to ISO 27001:2022 by November 1st 2025. Below we have listed the most important information about the transition process.

ISO 27001 standard for information security revised

Recently, the ISO 27001 standard for information security received an update. The revised standard was published on 25 October 2022. The updated standard has been aligned with ISO 27002:2022 published in February this year and includes some technical corrections. ISO 27001:2022 is subject to a three-year transition period. This means that certified organisations must have switched to ISO 27001:2022 by autumn 2025.

The most important changes to the revised ISO 27001 and ISO 27002

On February 15, 2022, the new version of the ISO 27002 standard was published. ISO 27002 is an extension of ISO 27001, the information security standard that specifies the requirements of an Information Security Management System (ISMS). The extension provides best practices for security controls and measures that you can implement to improve your security. Although ISO 27002 is not a certifiable standard, this revision does have consequences for organizations that are or want to become ISO 27001 certified. That is why we share the most important changes with you.

Video: Combined certification ISO 9001, 14001 and 27001 at T-Mobile

Recertification within three months against the internationally recognized standards ISO 9001 (quality), ISO 14001 (environment) and ISO 27001 (information security): Kiwa and T-Mobile Netherlands recently achieved this in a compact process in which recertification against these three standards was combined.

Kiwa accredited for ETSI EN 303 645 cybersecurity testing

Kiwa was recently accredited by the Dutch accreditation council RvA as the first Notified Body (NoBo) for testing and assessing the cybersecurity of IoT consumer products. By having the cybersecurity of 'smart' devices such as doorbells, thermostats, TVs and lighting independently assessed, manufacturers can ensure that consumers are less likely to become victims of cybercrime.

Revision ISO 27002: simplification and modernization

To ensure that quality standards remain relevant and current, they are reviewed at least every five years. For that reason, the ISO 27002 was recently revised. This standard contains the practical guidelines and control measures for management systems for information security (ISMS) that are inextricably linked to the information security standard ISO 27001.

Delegated Regulation RED compliance cybersecurity IoT products published in OJEU

The Official Journal of the European Union (OJEU) has published the Delegated Regulation (2022/30/EU), making compliance with the RED (2014/53/EU) articles 3.3 (d), (e) and (f) mandatory for cybersecurity aspects of IoT products. The Delegated Regulation will come into effect on the 1st of February 2022. After a transition period, compliance will become mandatory from the 1st of August 2024.