Open standard Security Verified updated

Sieuwert van Otterloo | Security

Last month (February 2024), the 2024 version of the open information security standard ‘Security Verified’ was released. This new version contains small changes that make it more readable and easier to combine with the latest version of ISO 27001.

Standard background

Security Verified was created in summer 2016 to fulfil the need of small and midsize technology companies to be certified for information security and privacy. Unlike existing standards, the standard is freely available, more concrete and faster to audit, and it includes GDPR since it was made for EU organisations. Any organisation can use the standard and can also opt to get certified. Since then, 30 organisations have been certified against this standard. The standard is a good alternative for organisations that want to demonstrate their efforts but do not want a long or complex implementation project.

2024 revision

The standard is reviewed every 3-4 years to make sure it is up to date. This time, the criteria were re-arranged to match the order of the new ISO 27001:2022 and ISO 27002:2022 standards. This makes it easier for companies to use both standards, or to upgrade to full ISO 27001 certification later.

The new standard has eight chapters. The first four chapters are mandatory (each requirement must be demonstrated). The last four chapters contain recommended controls. At least half must be implemented.

  1. Leadership, team and resources
  2. Risk management
  3. Operations
  4. Privacy and GDPR
  5. Organisational controls
  6. People controls
  7. Physical controls
  8. Technological controls

Where to find the standard

The standard is available in Dutch and English in an Excel format:

The full text is also available on a web page here: Security Verified requirements.


Author: Sieuwert van Otterloo
Dr. Sieuwert van Otterloo is a court-certified IT expert with interests in agile, security, software research and IT-contracts.