ICT Institute performs audits and reviews in the field of IT. We have expertise in ISO 27001, NEN7510, GDPR, and IT contracts and tenders.

The type of audits we perform

With ICT Institute we perform audits that match our IT expertise. These include:

  • Privacy and GDPR audits. In doing so, we test against the legal requirements and guidelines of the Autoriteit Persoonsgegevens
  • Information security internal audits. The internal audit is an audit commissioned by the organizations themselves on themselves.
  • Checks against contractually agreed upon IT requirements. We do this in the context of tenders, contract extensions and sometimes also IT conflicts. We then test the current situation against the contractual agreements.
  • Audits and certification against Security Verified. This is an information security standard, similar to ISO 27001 but easier to verify.

Our auditing expertise

For each audit, we ensure that a team is deployed that has the right knowledge for the audited standard. We have people with the following expertise for this:

  • CIPP/E certification. This is the most well-known privacy and GDPR certification.
  • CISA (Certified Inforation Systems Auditor).
  • Court Expert (Gerechtelijk Deskundige)
  • ISO 27001 lead auditor
  • Knowledge of programming languages (PHP, Java, C#) and IT-architecture

Audits we cannot perform

For some audits, we do plan and coordinate but leave the execution to a third party as we do not have the expertise ourselves. We unburden the client by finding the right auditors, determining the scope, helping with planning and starting the follow-up process. These include the following types of audits:

  • PEN-tests. We have a (Dutch) list of PEN-test companies who employ the required experts. Often, we base the scope on the OWASP top 10 vulnerabilities. We take care of the right planning, choice of test type and also registration with hosting provider and interpretation of findings.
  • ISO 27001 certification. We help clients implement ISO 27001. A third party certification agency will perform the external audit. More information can be found in this (Dutch) article on ISO 27001 certification.
  • NOREA audits and Third Party Memorandums. We know several registered auditors and can help you plan the audit.


Image credit: Marcus Winkler via Unsplash