open standard Security Verified updated
| Sieuwert van Otterloo |
Security
Last month (feb 2024), the 2024 version of the open information security standard ‘Security Verified’ was released. This new version contains small changes to make it more readable and easier to combine with the latest version of ISO 27001.
Standard background
Security Verified was created in summer 2016, to fulfil the need of small and midsize technology companies to be certified for Information Security and privacy. Unlike existing standards, the standard is freely available, more concrete and faster to audit, and includes GDPR since it was made for EU organisation. Any organisation can use the standard and can also opt to get certified. Since then, 30 organisations have been certified against this standard. The standard is a good alternative for organisations that want to demonstrate their efforts, but that do not want a long or complex implementation project.
2024 revision
The standard is reviewed every 3-4 years to make sure it is up to date. This time, the criteria were re-arranged to match the order of the new ISO 27001:2022 and ISO 27002:2022 standards. This makes it easier for companies to use both standards, or to upgrade to full ISO 27001 certification later.
The new standard has eight chapters. The first four chapters are mandatory (each requirement must be demonstrated). The last four chapter contain recommended controls. At least half must be implemented.
- Leadership, team and resources
- Risk management
- Operations
- Privacy and GDPR
- Organisational controls
- People controls
- Physical controls
- Technological controls
Where to find the standard
The standard is available in Dutch and English in an excel format:
- Security Verified requirements EN 2024 (English version)
- Security Verified requirements NL 2024 (Dutch version)
The full text is also available on a web page here: Security Verified requirements.
Dr. Sieuwert van Otterloo is a court-certified IT expert with interests in agile, security, software research and IT-contracts.