A couple of weeks ago we successfully concluded our certification audits. The auditor, the international risk manager DNV, gave a positive recommendation to the UKAS committee. This committee adopted the auditor's recommendation, and we received the official certificates last week. We are now officially ISO 27001 and NEN 7510 certified, and this includes the additional CloudControls as well. These certifications apply to all CloudVPS services.
ISO 27001 & NEN 7510
ISO 27001 is an international security standard that applies to the entire Information Security Management System. Companies can choose which controls apply to their specific situation. We have declared all 133 controls to be applicable. NEN 7510 is a Dutch standard for the healthcare sector; it is a stricter version of the ISO 27001 controls with a focus on the protection of patient data.
A lot of customers have questions regarding measures against cloud-specific issues. Think about guarantees regarding information supply, the absence of lock-in risks and the neutralisation of risks related to sharing infrastructure with other parties. Together with KPMG and some other parties we have developed the CloudControls. These are 43 additional controls that mitigate cloud-related risks. These controls were audited together with the ISO 27001 and NEN 7510 standards and are an integral part of our certification.
* The Statement of Applicability (SOA): the list of certified controls (Excel sheet)
* List of cloud-related risks, questions for your cloud provider and CloudControls (Excel sheet)
* CloudControls website (Link)
* ISO 27001 and NEN 7510 certificates (PDF)
* Initial Audit Report (Dutch) (PDF)
* Mitigating measures (Dutch). Here the mitigation of the two minor non-conformities in the Audit Report is discussed. (PDF)
* Our certification page (Link)