ISO 27001 and ISO 27002
Let's start with two frameworks of standards that are seen as the international standard for information security. The first is ISO 27001, which describes how to deal with information. The purpose of the standard is to ensure that all available information is processed properly with regard to confidentiality, integrity and reliability. In a world where information security and privacy have become intertwined, these factors are therefore high on the agenda.
The ISO 27002 standard describes the control measures and can therefore be seen as an elaboration of ISO 27001. In ISO 27002 you will find, for example, which measures you can take to ensure that you meet the requirements of the first standard.
These standards frameworks are of great importance. On the one hand because you know for certain that you meet the requirements for information security and for the security of personal or sensitive data in general. On the other hand, it is a signal to your customers and partners: by applying these two frameworks of standards you show that you have put your security in order, which immediately makes you a reliable partner.
NEN 7510 is also one of the standards frameworks concerned with the security of personal data. This framework is mainly used within healthcare, because it deals with the processing and availability of patient data, for example in hospitals or in files that are available online. NEN 7510 is a Dutch framework of standards, but it is also known across the border; your international partners know what it means or can easily look it up themselves.
PCI-DSS; another framework of standards of great importance
PCI-DSS is also about data protection, but here it concerns a specific (and important) kind of data. The abbreviation stands for Payment Card Industry Data Security Standard, and that already makes clear what it is all about: security when making payments. This standard was established by Visa, Mastercard, Discover, JCB and American Express, and it has quickly become an important and highly valued standard. Here too, compliance is not only important because the safety of your customers matters; it also helps you build a good reputation.
The standards drawn up within PCI-DSS differ per provider and industry. The nature of the business determines which rules you fall under. As a payment provider you have to follow different rules than if you are, for example, a retailer.
BIO has nothing to do with biology; it is again about information security. Not in a specific area, but within one particular sector. BIO stands for Baseline Information Security Government, and with that we once again have a truly Dutch framework of standards. It is about the way in which the authorities (from local to national) handle information. Think of the collection, availability, distribution and security of citizens' personal data.
BIO is relatively new; it was introduced on January 1, 2020 and at that moment replaced the various divergent frameworks of standards that were in use within the governments.
So many standards frameworks; so many rules
Before you get started with the standards frameworks and drawing up measures, there are a number of things you should know. Not all companies have to comply with all rules within the standards frameworks. At the same time, a standards framework can be interesting for you even though you are not obliged to comply with it, for example when you want to attract international business partners and demonstrably protect your network and website.
What is at least as important is that there is no static situation. Rules change, measures are adapted and there must be regular testing. Information security, the shielding of personal data and the way in which data may be processed form a dynamic whole in which many factors come together.
It is therefore important that your information security is always up to date and tested. Only in this way can you be sure that you meet the requirements of the standards frameworks that are relevant to your company. Regularly conducting tests, for example by ethical hackers, or having pentests carried out is a useful way of gaining every possible insight into the state of your information security. That way you know that everything is well organized.
Handing over information security
You can choose to have your own data specialists look after your information security on the basis of the frameworks of standards that apply to your company. If desired, we can perform periodic tests to review your security and to see whether it still meets all the requirements. You can also choose to contact us directly, so that together we can go through the options for getting your security in order with a view to the standards frameworks.
Do you want to know more, or do you want to engage us today? Then feel free to contact us without obligation so that we can help you personally right away. Let us in to keep others out!