CloudVPS certifications

Certifications

More and more companies and public institutions store business-sensitive data in the cloud. Therefore, these organizations have a clear need for certain standards ensuring a minimum service level. We provide our customers with this guarantee through our various certifications.

ISO 9001

ISO 9001 is the international standard for quality management systems and guarantees the quality of our service and customer satisfaction. We conduct periodic customer satisfaction surveys to evaluate our processes. Based on the results, we make adjustments where necessary to improve our collaboration with you.

ISO 27001

ISO 27001 is the most commonly used security management certification outside of the United States. It consists of 133 controls and applies to the whole Information Security Management System.

In the Statement of Applicability (SOA), certified organizations can determine which controls are applicable to them. We have implemented the most comprehensive version of the ISO 27001:2013 certification, namely all 133 controls.

The certificate, the Statement of Applicability and the audit report are freely available for inspection.

NEN 7510

The healthcare industry processes and stores important medical and patient data. To ensure that your medical data is stored securely, the NEN (Dutch Standards Institute) has created the NEN 7510 security standard. We implemented the NEN 7510 simultaneously with ISO 27001 and both have been audited.

Besides being one of the official NEN partners, we also have a seat on the NEN commission for cloud computing: Distributed Application Platforms and Servers (DAPS). This commission deals with a new ISO standard for the cloud: ISO 27017. In addition, the commission is concerned with the Dutch Code of Practice Cloud Computing. Our CloudControls are used as the basis for the risks and controls.

The certificate, the Statement of Applicability and the audit report are freely available for inspection.


Cloud Certification: the CloudControls

ISO 27001 and NEN 7510 relate to data security. However, there are other factors to think about when using cloud services. The outsourcing element of the cloud plays an important role. A layer of your infrastructure is purchased from a third party, resulting in additional elements to be covered. Examples include preventing lock-in risks, or guaranteeing that information about the fulfilment of the service level agreement will be provided.

Another factor inherent in a public cloud is multitenancy. This relates to uncertainties when sharing an infrastructure with multiple customers. To manage these outsourcing and multitenancy risks, we have developed CloudControls together with KPMG and other companies. CloudControls consists of 44 controls which can be audited independently or as an appendix to ISO 27001. The overview below covers the different categories with examples.

Examples of CloudControls

 

| Control Group | Control Sub Group | Short Control | Control |
| --- | --- | --- | --- |
| Multi-Tenancy | Multi-Tenancy | Isolation failure risk | Isolation failure risk in virtualization technology and storage is frequently reviewed and is managed to a minimum. |
| Outsourcing | Management Information and Control | Portability of services | Short term contracts are possible, customer virtual assets are exportable and transportable in an industry-accepted format. Sufficient access to the environment or data will be granted in order to implement migration. |
| Outsourcing | Legal Process | Data location and applicable jurisdictions | Customer can determine jurisdiction where data is stored. It should be communicated which governments and jurisdictions can lay claim to a customer's data. |
| Outsourcing | Privacy and Access to Data | Privacy policy | A privacy policy is developed, formally communicated and audited. Robust NDA clauses are added to the terms describing the confidentiality of all customer data. |
| Outsourcing | Infrastructure design | Information on resiliency management | Disaster recovery plans and availability enhancing measures should be shared with customers when relevant. |
| Outsourcing | Security Process | Customer vulnerability assessment | Cloud provider should provide the possibility for vulnerability assessment by customers. |
| Outsourcing | Operational Process | Information on degraded services | Outage reporting: If service was interrupted or degraded a detailed report will be provided on the reason and mitigation measures if relevant. |
| Outsourcing | Interfacing with the Service | Customer payment data | Sensitive customer data is encrypted. Measures are implemented to prevent storage and visibility of sensitive financial information. |
