Providing assurance to your customer is important, whether it concerns information security, quality assurance or privacy. By having your company certified, you can demonstrate that the requirements and needs of your customer and their stakeholders are met. There are different standards, each focusing on a different part of the management system.
Below you will find an overview of the most requested standards. If you would like more information about one or more of these standards, please contact us via the button below.
Combining audits offers certain advantages. It not only saves time and money, it also reduces the audit pressure within the organization: Your employees only have to give insight into their daily activities once and can therefore get back to work faster. For example, it is possible to combine ISO audits with Assurance statements.
Request our whitepaper for more information.
Uw klanten zien graag dat uw organisatie aan de juiste eisen voldoet. Met een ISO 9001 certificaat kunt u aantonen dat er aan de needs and requirements of customers wordt voldaan en wordt de betrouwbaarheid van uw producten of diensten verhoogd. De ISO 9001 norm helpt uw organisatie met het beheersen en verbeteren van de quality management..
The requirements of this internationally recognized standard include the following topics:
The ISO 22301 standard concerns Business Continuity Management (BCM). Bij het BCM wordt gekeken naar de voorbereiding van de organisatie op het onverwachte en het vermogen om op een vooraf vastgesteld, aanvaardbaar niveau de producten of diensten te leveren na een incident.
Bij de ISO 22301 wordt onder andere gekeken naar:
Daarbij wordt gekeken naar het functioneren van de organisatie, de betrokkenheid van de directie en het continue verbeteren van de organisatie.
Als organisatie wilt u kunnen aantonen dat u zorgvuldig omgaat met de informatie van uw klanten. Met het ISO 27001 certificaat laat u zien dat uw organisatie voldoet aan de wetgeving en regelgeving met betrekking tot information security. De ISO 27001 norm bevat eisen voor het vaststellen, uitvoeren, controleren, beoordelen, bijhouden en verbeteren van het gedocumenteerd managementsysteem: het ISMS (Information Security Management System).
The requirements of this internationally recognized standard include the following topics:
De certificering volgens de ISO 27701 is een uitbreiding op de ISO 27001 norm, waarbij er spedifiek wordt gekeken naar het inrichten, implementeren, onderhouden en het verbeteren van een PIMS (Privacy Informatie Management Systeem) als aanvulling op het bestaande ISMS. Deze certificering is van toegevoegde waarde wanneer er van een organisatie wordt verlangd dat er op een verantwoorde manier wordt omgegaan met privacygevoelige informatie, zeker wanneer deze informatie terug te leiden is naar een individu, ofwel Personally Identifiable Information (PII).
Bij de ISO 27701 wordt gekeken naar de beveiligingstechnieken toegespitst op privacy- en cyberrisico’s, de uitbreiding op de in de ISO 27001 opgenomen maatregelen voor privacy-informatiebeheer en het managementsysteem voor het beschermen van persoonlijke gegevens (PIMS). De ISO 27701 maakt het mogelijk om een koppeling te maken tussen ISMS en de AVG.
De NEN 7510 is ontwikkeld voor instellingen in de gezondheidszorg en organisaties die werken met personal health data. De norm is een aanvulling op de ISO 27001 norm, toegespitst op het verwerken, beheren en beveiligen van gezondheidsinformatie. De NEN 7510 certificering toont aan dat de organisatie haar information security in order, both on a technical, organizational and procedural level.
Een NEN 7510 certificering biedt verschillende voordelen, zoals:
Bent u betrokken bij de uitwisseling van gegevens in de zorg, dan wordt van u misschien geëist dat u voldoet aan de NEN 7512. De NEN 7512 heeft betrekking op de electronic communication in healthcarebetween healthcare providers and healthcare institutions and between healthcare providers and patients and clients, healthcare insurers and other parties involved in healthcare.
De NEN 7512 is een verdere uitwerking van de eisen uit de NEN 7510 norm. Er worden onder andere minimale eisen gesteld aan de authenticatie, verificatie en beveiliging van:
If you manage or provide an Electronic Patient Dossier (EPD) or a Personal Health Environment (Persoonlijke Gezondheidsomgeving, PGO), dan is de NEN7513 voor u van toepassing. Deze norm bepaalt wat en wanneer er moet worden gelogd in een patiëntdossier. Deze logs provides insight into who has had access to that patient file.
De NEN7513 is een verdere uitwerking van de eisen uit de NEN7510-norm. Er worden onder andere minimale eisen gesteld aan:
Bent u betrokken bij de ad-hoc uitwisseling van zeer gevoelige informatie (spreekkamerinformatie) in de zorg, dan moet u wellicht voldoen aan de NTA7516. De NTA7516 heeft betrekking op ad hoc data exchange. bijvoorbeeld door middel van e-mail- of chatapplicaties. Onder ad-hoc communicatie valt bijvoorbeeld e-mail, maar ook chatprogramma’s en applicaties die berichten versturen met sensitive information.
De NTA7516 stelt onder andere eisen aan:
Your customers would like evidence that your organization meets the right requirements. With an ISO 9001 certificate you can demonstrate that the needs and requirements of customers are met and the reliability of your products or services is improved. The ISO 9001 standard helps your organization to control and improve quality management..
The requirements of this internationally recognized standard include the following topics:
The ISO 22301 concerns Business Continuity Management (BCM). BCM looks at the organization's preparation for the unexpected and the ability to deliver the products or services at a predetermined, acceptable level after an incident.
The ISO 22301 includes, among other things:
In addition, the functioning of the organization, the involvement of management and the continuous improvement of the organization are examined.
As an organization you want to be able to show that you manage the information of your customers with due care. With the ISO 27001 certificate you demonstrate that your organization complies with the laws and regulations regarding information securityThe ISO 27001 standard contains requirements for establishing, implementing, checking, assessing, maintaining and improving the management system: the ISMS (Information Security Management System).
The requirements of this internationally recognized standard include the following topics:
The ISO27701 is the standard for privacy management and is an extension of the ISO27001 standard, which specifically looks at the establishment, implementation, maintenance and improvement of a Privacy Information Management System (PIMS) as a supplement to the existing Information Security Management System (ISMS). This certification is of added value when an organization is required to handle privacy-sensitive information in a responsible manner. Especially when this information can be traced back to an individual, or Personally Identifiable Information (PII).
The ISO27701 looks at the security techniques focused on privacy and cyber risks, the extension of the ISO27001 privacy information management measures and the management system for protecting personal data (PIMS).
The NEN7510 standard was developed for healthcare institutions and organizations that work with personal health dataThis standard is an addition to the ISO 27001 standard, and focuses on the processing, management and security of health information. The NEN7510 certification shows that the organization has its information security in order, both on a technical, organizational and procedural level.
A NEN7510 certification offers several advantages, such as:
If you are involved in the exchange of data in healthcare, you may be required to comply with NEN 7512. The NEN 7512 standard relates to electronic communication in healthcarebetween healthcare providers and healthcare institutions and between healthcare providers and patients and clients, healthcare insurers and other parties involved in healthcare.
The NEN 7512 is a more elaborate extension of the requirements of the NEN 7510 standard. Among other things, minimum requirements are set for the authentication, verification and security of:
If you manage or provide an Electronic Patient Dossier (EPD) or a Personal Health Environment (Persoonlijke Gezondheidsomgeving, PGO)then the NEN 7513 applies to you. This standard determines which activities must be logged in a patient dossier and when. These logs provides insight into who has had access to that patient file.
The NEN 7513 is a further specification of the requirements of the NEN 7510 standard. Among other things, minimum requirements are set for:
If you are involved in the ad hoc exchange of highly sensitive information (doctor’s office information) in healthcare, you may be required to comply with the NTA 7516. The NTA 7516 relates to ad hoc data exchange. bijvoorbeeld door middel van e-mail- of chatapplicaties. This includes e-mail, for example, but also chat programs and apps that send messages with sensitive information.
The NTA 7516 sets requirements for, among other things:
Het combineren van audits is over het algemeen een goed idee. U bespaart hiermee niet alleen op kosten en doorlooptijd, maar verlaagt ook de auditdruk binnen uw organisatie: uw medewerkers hoeven het verhaal maar één keer uit te leggen en kunnen sneller weer aan het werk.
Assurance audits kunnen over het algemeen onderling goed worden gecombineerd, maar ook door het combineren van ISO audits en assurance audits is in veel gevallen winst te behalen.
An assurance statement is an effective and efficient way to provide assurance to your customers about the processes they outsource to you. There are different kinds of statements.
The primary question is: “Which assurance statement provides sufficient assurance for the processes outsourced to me by my client?”
Het antwoord vindt u onze whitepaper.
As Valk Solutions, we automate business-critical point of sale processes for retail organizations. Our customers entrust us with their competition- and privacy-sensitive data. The ISAE 3402 statement is an independent confirmation for retailers that they are in good hands with us. Auvaro's audit team closely monitors that we work according to the standard every year. This sets us apart from the competition.
Karin Valk
Managing Director - Valk Solutions
Since 2016, Auvaro has been conducting the ISAE3402 audit at Itris. Itris' services to its customers are audited against NOREA's framework of standards. Since 2018, the ViewPoint functionality, Itris' ERP package, has also been audited against a framework of standards drawn up by Itris and its customers. For both audits, Auvaro issues an ISAE3402 type II statement annually. The audits are planned in close consultation with each other and are carried out in a pleasant manner by the auditors of Auvaro. We are therefore very satisfied with this service.
Marianne van Leeuwen
Manager Customer Support & Quality - Itris
Our ISAE 3402 audit was conducted efficiently and in a pleasant manner. The auditors guided us professionally.
Peter Van Den Plas
Information Security Officer - CACI B.V.
The audit process was carried out in a professional manner. Our ICT architects were impressed by the available ICT knowledge of the auditors. Conversations were conducted in a pleasant and constructive manner. It's very efficient that ISO 27001 and ISAE 3402 audits can be combined.
Theo van den Hoek
Program manager - Peopleware ICT Solutions
We wanted to investigate whether we could get an ISAE 3402 certification for our payroll service. After searching on the internet we came across Auvaro. After a first introductory meeting, we quickly started describing the processes and controls. Following Erik's advice, we then added and changed some checks and made some adjustments to our working method, after which we already received the first audit at the beginning of 2019. From this, some points emerged that have been adjusted and at the end of 2019 we received the final audit for 2019 and we were ISAE 3402 certified! The collaboration went very well and the certification also gives our customers the certainty that they can outsource their payroll administration with confidence.
Pier de Vries
Manager salary service - PeopleInc
We are an organization where a lot of information and personal data of our customers is processed. To provide a guarantee about our information security, we came to Auvaro about 3 years ago to guide us in this and to obtain an ISAE 3402 Assurance report. This year we were again audited by Erik and his team. It were intensive 'remote audit' days, but Erik and his team guided us in a very pleasant and flexible way. They were very thorough and precise and helped us with the right constructive feedback to have information security 'in control' even better.
Lisa Houwer
Security & Information Officer - Conclusion Learning Centers
