ICT Institute is ISO 27001 certified
Sieuwert van Otterloo
ICT Institute has an ISO 27001-certified information security management system. After helping many other companies, we decided that we should ‘eat our own advice’. We used our own templates and workshop material to create procedures for our own company. We were certified in December 2021 and will be reaudited every year.
Norm and scope
We have been certified against the norm ‘NEN-EN-ISO/IEC 27001:2017+A11:2020 nl’. This is the latest version of the ISO 27001 norm. This norm applies to the information security processes of the company. To get certified, we had to create a policy (published here). We also had to create procedures, do an internal audit and a two-phase external audit.
The scope of our certification includes all our activities. The formal scope statement is:
The information security related to advisory services (consultancy), research, training and supporting processes.
This includes all our professional services. Nothing has been placed out of scope.
We have been audited by Digitrust, one of the accredited ISO-certification firms in the Netherlands. We conduct many audits and have several ISO 27001 lead auditors, but a company cannot audit and certify itself.
What does ISO 27001 certification mean
Certification does not guarantee that we will never be hacked or make mistakes. It means that we have processes in place to control information security risks. We have procedures for, for instance, access control, logging and monitoring, and incident management.
Anyone who has followed the news in 2021 will understand that cyber security incidents can happen at any company, large or small. We will continue to do our best to minimise risks and act professionally and use our certified processes to our advantage.
Want to know more?
Dr. Sieuwert van Otterloo is a court-certified IT expert with interests in agile, security, software research and IT-contracts.