eConnect is ISO27001 certified
We are proud to announce that on 16 May, eConnect received the ISO 27001 certificate. The certification was carried out by DigiTrust and marks a fitting conclusion to our ISO project. Information security is in our DNA and is a core value of our services. Chris de Rooij, Security Officer at eConnect, says: "Besides meeting customer demands with the certification, it also affirms our reliable image." The certificate is a formal confirmation of what we do in practice!
Update May 2024: our ISO27001 certificate has been renewed, and last year we also obtained a NEN7510 certification. Check out our blog article about this.
Left to right: Marco Bijl (Auditor DigiTrust), Chris de Rooij, Johan Schaeffer.
What does the ISO 27001 standard entail?
The ISO 27001 standard is the pinnacle of international information security standards. It contains many rules and guidelines that ensure the availability, integrity, and confidentiality of (personal) information. The standard focuses on continuous improvement through the PDCA (Plan Do Check Act) cycle. Topics include:
– Secure personnel;
– Internal audits;
– Access security;
– Secure and planned development;
– Information security with suppliers;
– Incident management;
– Compliance with legislation.
Which parts of eConnect are in scope?
“We chose to certify the entire organisation. This is quite unique. Many companies choose to certify only a small part of the organisation, for example, just the data centre. The advantage of our full certification is that all our systems, processes, and services meet the standard requirements. This sends a strong message: that we take information security very seriously,” says Johan Schaeffer, director of eConnect.
“The scope of the certification is a key part when assessing the value of an ISO 27001 certificate,” emphasises Chris de Rooij. The scope of eConnect’s certification is as follows:
‘The design, development, testing, implementation, hosting, and servicing of activities related to the automation of the administrative process. This includes validating, enriching, and securely exchanging documents such as e-invoices, orders, and contracts.’
Arnaud Thoen, Security Officer - Stedin:
What does this mean for your organisation?
With this certification, we guarantee our customers that the security of (personal) data is our top priority within eConnect and that it meets strict international requirements, both now and in the future. The periodic external ISO audits at eConnect make individual audits by clients unnecessary.
What is the overlap with GDPR?
All data processing within eConnect is fully compliant with the General Data Protection Regulation (GDPR). Many topics are safeguarded in our information security system based on ISO 27001. Chris de Rooij: “Having an ISO 27001 certification is not a requirement from European legislation. However, the GDPR indicates that certification can be an important tool to demonstrate compliance with requirements.” Johan Schaeffer adds: “The ISO has ensured that we have systematically implemented information security throughout the organisation. This is fully in line with our culture of continuous improvement and reinforces our reliable image. Fortunately, we also hear this from our customers.”
Would you like to know more about how eConnect complies with the GDPR? Feel free to check out this page.
Questions about our certification or our information security measures? Feel free to contact us.