ISO 27001 certification: protect your business’ data

Working in accordance with the ISO 27001 standard helps you take a structured approach to information security. Kiwa’s experts have everything you need to prepare your organisation for ISO 27001 certification. We have extensive experience with this standard, from developing a step-by-step information security plan to implementing a full Information Security Management System (ISMS).

Data as a valuable asset

Information is becoming increasingly valuable. The availability of customer, production and other data is essential to your operations and long-term success. That information must therefore be properly secured. This can be achieved with a management system based on the ISO 27001 information security standard. Kiwa’s experts are here to support your journey towards certification.

Protecting sensitive business information

Many information systems still prioritize business processes or ease of use over data security. As a result, you run the risk of sensitive information about your organisation, customers or employees being exposed. The cause is not necessarily malicious hackers; it can also be your own staff, for example by losing a laptop or USB stick or sending an email carelessly.

ISO 27001 certification

ISO 27001, also known as NEN-ISO/IEC 27001, enables organisations to establish a systematic approach to safeguarding the confidentiality, availability and integrity of information. The standard defines requirements for establishing, implementing, operating, monitoring, assessing, maintaining and continually improving an Information Security Management System (ISMS).

Internal audit

Organisations are free to design their ISMS to suit their specific needs. However, certain activities are mandatory, such as an internal ISO 27001 audit or risk analysis. An ISMS is essentially a working method that demonstrates compliance with ISO 27001 for information security, in other words: ‘say what you do, do what you say and prove that you did it.’

NEN 7510 for the healthcare sector

ISO 27001 certification applies to all types of organisations, from businesses and government agencies to non-profits and security providers. In healthcare, information security is especially critical. That’s why the Dutch NEN 7510 standard was developed, based on ISO 27001 but specifically tailored for the Dutch healthcare sector. NEN 7510 is often combined with NEN 7512 (data exchange) and NEN 7513 (logging of patient records). NEN 7512, in particular, aligns well with BRL 21030, the assessment guideline for alarm communication networks.

General Data Protection Regulation (GDPR)

Since the introduction of the GDPR, information security has become a top priority for many organisations. ISO 27001 certification adds value for any organisation dealing with financial risks or sensitive personal data. It is increasingly required in tenders and procurement procedures, and it is also a powerful way to demonstrate to your employees that your organisation handles confidential information responsibly.

ISO 27001 audit by Kiwa

Kiwa has many years of experience certifying companies in the field of information security. During an ISO 27001 audit, Kiwa assesses whether your organisation meets the certification criteria based on the information you provide. If gaps are identified, Kiwa will support you with an ISO 27001 roadmap to improve your internal processes where necessary. If the audit outcome is positive, certification will follow.

Combined certifications

Kiwa’s information security experts are experienced in certification processes across a wide range of industries. Their expertise is always up to date, enabling them to support you in combined certification projects, for example with ISO 9001. Several Kiwa auditors are registered EDP auditors (RE), meaning they have completed postgraduate IT Audit training after their university degree and are listed in the EDP auditors register of NOREA, the Dutch professional association for IT auditors.

Interested in Kiwa’s ISO 27001 audits or ISO 27001 certification costs? We’ll be happy to tell you more.
