ISO 27001 Certification
Information security has always had the highest priority at Aryza Nederland (formerly Collenda Nederland). Many customers entrust their data to our ASP platform, so we carry a major responsibility in the field of information security. This already receives much attention in the ISAE 3402 type II statement. In order to demonstrate our information security level more clearly, we have had our information security audited against the ISO 27001 framework. As a result, Aryza Nederland has received ISO 27001 certification.
What is ISO 27001?
ISO 27001 is the internationally recognized standard for information security. With the ISO 27001 certification we can demonstrate that we have implemented all necessary security measures to protect clients’ critical information. Sound information security is laid down in the information security policy.
Our customers want to be assured that the necessary steps have been taken for sound information security. They require that information not be available to unauthorized individuals, entities or processes (confidentiality). They want us to guarantee the accuracy and completeness of information (integrity). They want us to guarantee the availability and usability of their information for authorized individuals and entities; in short, that information is accessible to the authorized applications and persons (availability). With an ISO 27001 certification, our customers can trust that Aryza Nederland has implemented all necessary processes and systems to protect information against all types of threats.
ISO 27001 and the relationship with the GDPR
The General Data Protection Regulation (GDPR) is a European law that organizations must comply with as of May 25, 2018. This new legislation has been created to guarantee the protection of personal data within the EU. All organizations in the Netherlands and within the European Union will have to comply with this.
The GDPR requires that personal data be protected with appropriate technical and organizational measures. This means that only necessary personal data may be stored and processed in a careful manner. Organizations that do not do this are in violation. They risk a fine of up to 20 million euros or 4% of global annual turnover.
With the arrival of the GDPR, ISO 27001 information security is being taken to a higher level. A data breach must be reported to the Dutch Data Protection Authority (AP). In addition, requirements are imposed on internal procedures for data leaks, the processing of personal data and the privacy statement of organizations.
Many topics in the GDPR can be covered by an information security management system based on ISO 27001. Meeting the ISO 27001 standard or holding an ISO 27001 certification is, however, not an obligation under Dutch or European legislation. It does help to implement measures for the appropriate protection of personal data and thus to comply with the GDPR.
In a certain sense, the GDPR encourages organizations to pursue certification. No explicit reference is made to the NEN-ISO guidelines, but the GDPR expressly indicates that certification can be an important tool for demonstrating compliance with the requirements and regulations of the GDPR.