ICT Institute information security and privacy
Within ICT Institute we pay a lot of attention to our own information security and the proper processing of data. The following sections provide more information.
Information Security Policy and Certification
We have an information security policy that explains how information security is regulated. This policy was certified by Digitrust in Autumn 2021. The certificate itself and more information are available on request.
Privacy
In general, the ICT Institute does not have the processing of personal data as its core activity: we have business customers for whom we conduct research into source code, IT documentation and management information. We have drawn up a privacy statement and cookie statement for the occasions where we do use personal data. This describes the protection of personal data.
Terms and Conditions and Code of Conduct
We use the general terms and conditions of the NVBI. These are client-friendly conditions with a number of well-established principles. This also mentions the NVBI’s code of conduct. With this we promise to carry out all assignments independently, with integrity and to the best of our knowledge and ability.
Extra security measures
We carry out every assignment in the manner agreed in the proposal. If extra measures are required for a project (extra encryption, extra confidentiality statement, other retention periods), we ensure that these are recorded in the proposal.
Responsible disclosure
A responsible disclosure policy ensures that ethical hackers can safely report weaknesses in our website. We do not have a formal policy for this, but support the principles: with normal, responsible investigations, we do not file reports, but we enthusiastically set to work with the report.