News

ISO/IEC 27701:2025 published: updated privacy standard offers organizations more guidance

The international standard ISO/IEC 27701 for privacy information management has been fully revised. While the 2019 edition was still an extension to ISO/IEC 27001 and 27002, the new ISO/IEC 27701:2025 has evolved into an independent standard for establishing and maintaining a Privacy Information Management System (PIMS). This gives organizations a stronger and clearer framework for responsible privacy management within their information security and cybersecurity processes.

From awareness to capability: why cybersecurity starts with people

Cyberattacks are becoming more advanced, but the most vulnerable link often stays the same: people. That is why Kiwa provides training that makes organizations aware of digital and physical risks and shows employees the role they themselves play in cybersecurity. According to Kiwa’s Fabian Dijkman, the key to cybersecurity lies not only in technology but also in behavior and culture. ‘Cybersecurity does not start with technology but with people’s safety awareness.’

How ISO 27001, NEN 7510 and NIS2 work together to improve information security

Cyber threats are increasing and organisations in vital sectors must better protect themselves against these digital risks. This article explains how ISO 27001, NEN 7510 and the new European NIS2 directive work together to strengthen information security. It describes the similarities between the standards and the directive, includes a practical step-by-step guide to meeting NIS2 requirements, and shows how Kiwa can support organisations in this process.

What does the new NEN 7510:2024 mean for certificate holders?

Information security remains a top priority in healthcare. With the 2024 revision of NEN 7510, there is now a standard that is better aligned with international frameworks such as ISO 27001. But what does this mean in practice for healthcare organizations that are certified or aiming for certification? Rutger Fugers, scheme manager at Kiwa, explains the key changes, points of attention and benefits of the revised standard.

Kiwa achieves NEN 7510:2024 accreditation

The Dutch Accreditation Council (RvA) has recently accredited Kiwa for the revised NEN 7510 standard. This accreditation allows Kiwa to audit and certify its clients in accordance with NEN 7510:2024. With this step, Kiwa further aligns with the already revised ISO 27001:2022 standard.

Cyber Resilience Act: Time to take action

The Cyber Resilience Act (CRA) is the first European law to introduce mandatory cybersecurity requirements for all digital products entering the EU internal market. A national consultation was recently concluded in the Netherlands to determine how this law should be implemented in Dutch legislation. In the meantime, manufacturers, importers and distributors of products covered by the CRA can already start preparing for what’s to come.

NEN 7510 for healthcare sector information security updated

The NEN 7510 standard for information security in the healthcare sector has been revised. The new NEN 7510-1:2024 was published on 16 December 2024 and replaces the previous version, NEN 7510:2017+A1:2020. The old version of the standard can still be used for certification under accreditation until 20 February 2027.

ISO 27001 and ISO 42001: A perfect match for information security and AI management

To implement AI safely and responsibly, international standards such as ISO 27001 and ISO 42001 play a crucial role. While ISO 27001 focuses on data protection, an AI management system (AIMS) under ISO 42001 is designed to manage and optimize the use of AI within an organization. By combining ISO 27001 and ISO 42001, businesses can develop a stronger and more proactive approach to information security.

The importance of input validation in IoT security

Cybersecurity has been a passion of mine for years. My journey in this field began out of curiosity, leading me to specialize in web penetration testing. Since joining Kiwa, my focus has shifted to IoT security, with an emphasis on testing against standards like ETSI EN 303645. One topic that consistently fascinates me is input validation—an area where web penetration testing and IoT security assessments often intersect.

Revised NEN 7510 published

To keep quality standards relevant and up-to-date, they are periodically revised. Following the revision of ISO 27001 in 2022, a new version of the NEN 7510 has recently been published. Below, we highlight some of the key changes in the NEN 7510:2024.

Interfaces

I am Jelte Derksen, an ethical hacker working at Kiwa NL. I got into the field of ethical hacking after initially pursuing studies that were, frankly, a terrible fit. Consequently, I pivoted into IT as a SCADA administrator. Once I had a solid grasp of the basics, I transitioned into IoT development and Data Engineering before landing in the field of security.

‘ISO 27001 certificate builds trust’

Recently, Kiwa extended Heijmans' ISO 27001 certification, affirming Heijmans' efforts in information security. Raymond van Ommeren, quality coordinator at Heijmans, discusses the importance of this certification.

Kiwa ready for testing according to recently published EN 18031

The EN 18031 standards series is a new set of standards developed by CEN-CENELEC to demonstrate compliance with RED Delegated Regulation (EU) 2022/30. Development of these standards began in June 2022, and they have now been published. Kiwa has applied for accreditation to conduct testing for the EN 18031 series of standards.

One revised ISO 27001, three different versions

When a standard is no longer up-to-date, it needs to be revised. This happened with ISO 27001 for information security in 2022. In the years following, the standard received several minor updates, resulting in three different versions: ISO/IEC 27001:2022, ISO/IEC 27001:2023 and ISO/IEC 27001:2024.

Kiwa and Securance join forces on cybersecurity and risk management solutions

Testing, inspection and certification specialist Kiwa and assurance and cybersecurity expert Securance have announced a strategic partnership to jointly enhance their services in the fields of risk management and cybersecurity. This collaboration combines Kiwa's extensive certification and compliance expertise with Securance's innovative risk management and cybersecurity solutions.

UK also introduces security regime for connectable products

In a synchronized move following the European Union's footsteps, the United Kingdom has unveiled its own comprehensive cybersecurity requirements for connectable products. While the EU's requirements are slated to take effect on 1 August 2025, the UK's security framework is poised to be enacted earlier, starting from 29 April 2024.

Kiwa and Hudson Cybertec join forces in cybersecurity training programs

Starting this summer, testing, inspection and certification specialist Kiwa and cybersecurity expert Hudson Cybertec are partnering to offer global training programs on the cybersecurity of Operational Technology (OT). Hudson Cybertec has been part of the Kiwa Group since last year and both companies complement each other seamlessly in terms of security and certification services. Now, their collaboration is being intensified in the field of training.

UPDATE: RED Delegated Act: Mandatory compliance to articles 3.3 d, e and f

On 29 October 2021, the European Commission adopted the RED Delegated Act activating Article 3.3 (d), 3.3 (e) and 3.3 (f) for both consumer and professional/industrial products (C(2021) 7672 1). On 12 January 2022 this supplement to the RED was officially published in the Official Journal of the European Union.

Kiwa appointed as a Notified Body for RED articles 3.3 d/e/f/g and 3.4

Kiwa is one of the first organizations to be officially listed by the European Commission as a Notified Body for Articles 3.3 d/e/f/g and 3.4, the latest activated articles of the Radio Equipment Directive (RED) (2014/53/EU). After a thorough audit procedure, Kiwa has passed all criteria and has been granted the Notified Body status, now under the sharpened rules, for RED Article 3.3 d/e/f/g and 3.4.