COMPLIANCE SERVICES - ISO 27001 / 27701 / NEN7510 / NIS2 / TISAX

Securesult supports clients in achieving NIS2 and data protection compliance, and certification in ISO 27001, ISO 27701, NEN7510 and TISAX.

Our team of experienced consultants is here to help you assess your current security posture and implement the controls required by regulation, enabling you to demonstrate the highest standards in data handling and compliance with GDPR and NIS2.

With an ISO certification, organisations can provide assurance that their customers' information security is treated seriously and that their data is secure against theft or loss. With a clear understanding of key assets and the risks they are exposed to, organisations can build trust and improve relationships with clients, giving them a competitive advantage.

Reach out to our team of specialist consultants to find out how we can guide your organisation towards certification and regulatory compliance.

Why Securesult?

Experienced & certified consultants

Our highly experienced and qualified consultants have a proven track record of helping organisations achieve ISO 27001, ISO 27701, NEN7510 and TISAX certification.

We work with our clients’ individual needs, and are committed to providing the best possible service, from initial assessment to final audit.

Guided by your individual needs

We begin our guidance process by performing a baseline measurement, translating our findings for complete transparency of your organisation's current position.

Our consultants will work with you to determine the knowledge, experience, and availability of your teams, establishing a defined process to certification based upon your unique requirements.

Information Security Management System (ISMS)

Our consultants support organisations in creating a simple and clear ISMS.

This enables them to demonstrate the highest standards in protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. We work with our clients through a defined process that allows external audits to run more smoothly, ensuring all documentation is stored digitally and is available in one platform. This will help to streamline the process for complying with standards like ISO 27001, NEN 7510, TISAX and ISO 22301, which in turn can provide a good framework for complying with NIS2.


Proven approach

Through many years of experience assisting clients to achieve certification, we have developed a proven method that enables us to provide organisations a targeted analysis of their current information security posture.

Our findings are presented clearly, and guidance is given as a practical step-by-step plan, ensuring your journey to completion is smooth, and without any surprise costs.

Data Protection Officer as a Service

Public bodies and organisations that process large amounts of data, or regularly monitor individuals, must appoint a Data Protection Officer (DPO) under GDPR requirements.

Securesult consultants can help organisations lacking this structural internal solution by providing a DPO as a Service. Our Senior Privacy Consultants specialise in data protection and are registered DPOs with the Data Protection Authority.

Our Data Protection Officers act as independent internal supervisors, enabling organisations to meet the requirements of GDPR. Reporting regularly to the board or the highest management level, the DPO ensures that organisations process the personal data of their staff, customers, suppliers, or other third parties (data subjects) in compliance with data protection rules. We act as a contact point for data subjects and the Information Commissioner’s Office (ICO), and aid with the monitoring of internal compliance. Our DPOs provide organisations with advice regarding Data Protection Impact Assessments (DPIAs), and guidance on their data protection obligations.

Certifications

Our experienced consultants can help you achieve certification to one or more of the following standards, enabling you to demonstrate to your customers that you have implemented a comprehensive information security management system.

By gaining certification, organisations can ensure that their compliance with laws and regulations is improved, whilst also securing the reputation of their business and reducing the risk of suffering a data breach.

ISO 27001

ISO 27001 is the most widely recognised information security standard in the world, providing a framework for organisations to identify, assess, and manage risks to their information assets.

We provide customised support for clients looking to obtain certification, allowing them to demonstrate to customers, partners, and shareholders that essential steps have been taken to protect data in the event of a breach. In turn, this ensures that the financial and reputational costs of a data breach are minimised. ISO 27001 certification provides a good framework for complying with NIS2.


NEN 7510 / 7512 / 7513

NEN 7510, NEN 7512 and NEN 7513 are the Dutch standards providing guidance to healthcare organisations for protecting the confidentiality, integrity, and availability of patient data.

NEN 7510 is the main standard and a comprehensive framework for information security management in healthcare, providing guidance for risk assessment, incident management, access control and data protection.

NEN 7512 offers guidance on the security of data exchange between healthcare organisations, ensuring patient data is shared securely and in accordance with the law.

NEN 7513 specifies the requirements for healthcare organisations in the logging and monitoring of their activities, assisting in the detection of and response to security incidents.

ISO 27701

ISO 27701 is the privacy information management standard and an extension to ISO 27001, relating to the management of Personally Identifiable Information (PII) within your organisation.

The framework focuses specifically on privacy protection and compliance with GDPR/AVG, and provides guidance on how organisations can collect, store, use, and dispose of personal data in a way that meets privacy laws and regulations. ISO 27701 certification provides a good framework for complying with NIS2.


Baseline Information Security Government (BIO)

The Baseline Information Security Government (BIO) is a set of security controls that are mandatory for all government organisations in the Netherlands.

It is based on the ISO 27001 standard and provides a framework for organisations to identify, assess, and manage risks to their information assets. An ISO certification can be a prelude to government organisations looking to comply with the BIO.


Trusted Information Security Assessment eXchange (TISAX)

The Trusted Information Security Assessment eXchange (TISAX) is a set of security controls that are mandatory for all Original Equipment Manufacturers (OEMs) in the automotive sector.

TISAX is an assessment and exchange mechanism for the information security of enterprises and allows recognition of assessment results among the participants.

An ISO certification can be a prelude for automotive organisations looking to comply with TISAX.

Our approach

Preparation

Before testing, we conduct an intake interview with your organisation to agree the starting points and the scope for certification.

We will assess your organisation’s current information security posture, helping to identify any gaps in your security controls and areas where improvement is needed.


Baseline measurement

We provide a free baseline measurement, carrying out a Fit-Gap analysis and risk assessment to determine your current position.

During this phase, we provide insights into our working method and an idea of what the certification will mean for your organisation. Following this, we will discuss an offer for the certification process, taking into account the size of the organisation, complexity of ICT, and the type of business.


Implementing an ISMS

The next phase involves setting up an ISMS with all ISO documentation and other background information.

You will have access to your dashboard, where information regarding your security posture is clearly outlined, demonstrating areas of good hygiene, areas for improvement, and where information is missing. We provide our clients with a detailed roadmap for improvements, and a suggested plan of action outlining our estimated costs.

For organisations that already have their own ISMS in place, we can offer support in getting set up and completing the required information.

Guidance to certification

Your options include:

Self-certification

For organisations looking to certify their own compliance with a standard, you can access our support for issues that may arise, or where you do not have the expertise in-house. You remain in control of how our efforts are used.

Assisted Certification

This option allows organisations to take on some of the tasks, whilst sharing others with us, allowing us to help you move quickly and effectively towards certification. We provide templates that are pragmatically tailored to your organisation, and work with you to determine how we plan to collaborate throughout the process.

Outsourced Certification

For organisations requiring our full support, we will conduct the entire process from start to finish, ensuring your organisation achieves its desired certification.

Certification

Our auditor performs a pre-audit to determine whether everything is in order. An independent and accredited auditor then conducts the certification assessment.

Interested in a FREE ISO 27001 or TISAX workshop?

Call the team today: +31 88 033 7700