Security Verified is an open standard for the information security of organisations. Any organisation that handles valuable data or personal data is obliged to take care of information security. ‘Security Verified’ makes it easy for organisations to prove that they have taken such steps.
Security Verified background
Security Verified was created in summer 2016, in response to questions from several smaller technology startups. For these organisations, proving their commitment to security and user privacy is extremely important. Many available standards, however, were either not open, did not provide a certification option, or seemed more geared towards large and corporate organisations. At ICT Institute we were familiar with many existing information security standards, due to our work reviewing IT systems and giving advice on information security. We recognised the gap for a more applicable and modern standard with a faster certification process, and designed the process together with our network of security experts and our clients.
In August 2018, the standard was updated. One of the goals of the update was to make it easier for companies to comply with GDPR, by including the must-have elements from GDPR directly in the standard.
The standard consists of the following elements:
- The Security Verified requirements – a short checklist with the exact criteria for the certificate
- The Security Verified certificate register – this list allows anyone to check which organisations have obtained a certificate.
- The information security review process used for checking whether organisations qualify for a certificate.
- Information security resources, including standards, innovative companies and professional organisations.
In addition, the following articles are recommended reading, in the following order:
- Getting started with information security
- Creating an asset inventory
- A simple risk management approach
- Password policy rules
- Cryptographic controls policy
Standard maintenance and versions
The standard is maintained by the ICT Institute information security team, consisting of Sieuwert van Otterloo, Floris van den Broek, Joost Schalken and other experts. The standard is versioned based on year.month, and the current version is 2016.10.
All material of the standard can be shared under a Creative Commons license. Specifically, anyone can use the requirements checklist as a guideline for audits or reviews of their own information security management system.
The Security Verified logo and name can be used by organisations that have a Security Verified certificate to refer to their certificate. For more details and the full color logo, see the Security Verified register.