Category: Cyber Security

ISO 9001 and ISO 27001

As organizations strive to continuously meet customer demands and comply with legal requirements, there is an increasing need for them to obtain and maintain multiple ISO certifications. A common combination gaining popularity is ISO 9001 and ISO 27001.

The ISO 9001 standard specifies the requirements an organization must meet to demonstrate that it operates an effective quality management system and consistently delivers quality-driven products and services that meet customer requirements and applicable regulations. ISO 9001 certification signifies that the organization has demonstrated a robust quality process, covering the business process environment of its products and services, a quality-focused customer orientation, infrastructure, the design and development of products and services (including design inputs and outputs), and the management of externally provided processes and services. ISO 27001, in turn, is the internationally recognized standard that guides an organization in implementing and maintaining an effective information security management system (ISMS). By obtaining ISO 27001 certification, an organization demonstrates its ability to manage information security risks effectively through the implementation of an ISMS.

The International Organization for Standardization (ISO) defines a management system as “a system in which an organization manages the interrelated parts of its business to achieve its objectives.”

The Differences:

ISO 9001

  • Objective: Maintaining expected quality standards within the organization
  • Does not require a Statement of Applicability

ISO 27001

  • Objective: Setting requirements for establishing, implementing, maintaining, and continually improving an ISMS
  • Utilizes controls from ISO 27002 to support its ISMS

It is evident that the two management systems share more similarities than differences, and the differences that do exist can still benefit and complement the other management system. Achieving the dual certification of ISO 9001 and ISO 27001 can therefore be highly beneficial, enabling an organization to demonstrate its capability and commitment to information security risk management while also validating its commitment to the optimal delivery of quality products and services.

TeslinCS (TCS Fund Services) completes ISAE 3402 implementation

As of February 1st, TCS Fund Services B.V. (part of Teslin CS) has completed the implementation of ISAE 3402. This demonstrates the organization’s control over internal processes.

This organization serves as the hub for alternative investment funds to outsource mid- and back-office services, allowing managers to focus on fund investments and investors. Services provided by TCS Fund Services include complete fund and financial administration, preparation of financial statements, quarterly reports, and reporting to regulators.

Given that managers of alternative investment funds delegate some of their tasks to TCS Fund Services, the organization places great value on being able to rely on the existence and operation of robust procedures and systems.

Birgitte van de Broek, managing director of TeslinCS, emphasizes the importance of ISAE 3402 implementation: ‘Given that TeslinCS is highly automated, sensitive information is often shared online via our platform. It’s crucial that this platform meets all security requirements. The implementation of ISAE 3402 was a logical step for us. We’re satisfied with our collaboration with Securance on this. They are experienced in procedure documentation and have provided us with valuable guidance.’

Koen van der Aa, supervisor at Securance, adds: ‘Throughout the ISAE 3402 implementation, TeslinCS has demonstrated itself as an organization that recognizes the importance of internal control. This has enabled TeslinCS to effectively establish and continuously optimize processes and procedures. In addition to implementing control measures in the ISAE 3402 report, TeslinCS has standardized the entire internal manual of processes and procedures.’

On behalf of Securance, congratulations on completing the implementation!

Student Experience receives ISAE 3402 reporting

As of January 2017, Student Experience Beheer B.V. holds an ISAE 3402 Type II report. This demonstrates that Student Experience meets high-quality standards and that its processes are in order according to international norms.

Johan Verweij, CEO of Student Experience: “We are very proud of achieving this certification. By obtaining this, the opportunities to collaborate with financial institutions and institutional investors supervised by the DNB or AFM are expanded. It enables us to continue the growth of Student Experience.”

Koen van der Aa, senior consultant at SECURANCE, the consultancy firm that conducted the audit: “Student Experience is a professional organisation that thinks in terms of possibilities and creates solutions for complex issues, leading them to innovative practices. Student Experience has standardised its internal procedures and implemented a solid risk management framework in a short period.”

By obtaining the ISAE 3402 report, Student Experience ensures that clients have insight into how processes and risks are managed. This ISAE 3402 Type II report covers the management and maintenance activities of Student Experience for its clients. The report concerns the processes that impact the financial statements of the user organisations. It includes how risks are identified and whether measures are effectively designed to manage risks.

SECURANCE advises Fujitsu Netherlands

SECURANCE will support Fujitsu Netherlands in implementing ISAE 3402. Fujitsu is a global provider of dynamic IT infrastructures. More than 170,000 Fujitsu employees support customers locally in 70 countries. Fujitsu’s headquarters are located in Tokyo.

Fujitsu

Fujitsu Netherlands offers a one-stop-shop of standardised products and services for desktop and data centre environments. Based on the customer’s needs, these building blocks are combined into a reliable ICT solution that fits like a tailored suit, can quickly adapt to changing capacity requirements, and, if desired, is also managed by Fujitsu. Due to its commitment to environmental conservation and corporate social responsibility, Fujitsu is included in the Dow Jones Sustainability World Index and the FTSE4Good Index.

ISAE 3402 and Cloud Service Providers

As of December 2014, the original COSO framework was replaced by COSO 2013. The Dutch Central Bank has made COBIT 4.1, including its maturity model, mandatory in its information security assessment framework. Because of these developments, multinationals increasingly demand ISAE 3402 reports from cloud service providers in addition to SaaS providers. This trend is supported by the fact that the number of registered cloud service providers in the ISAE 3402 register increased from about 40 to 80 within a year.

Fujitsu and SECURANCE

Emile ten Hoor is delighted that SECURANCE has been selected as the assurance and security advisor for Fujitsu and to support this global organisation in obtaining the ISAE 3402 certificate. Within our current portfolio of SaaS and hosting providers, asset managers, and pension administrators, Fujitsu is a welcome addition. We are keen to be part of Fujitsu’s commitment to social responsibility and sustainability vision.

ISAE 3402 and Sustainability

We are highly motivated and enthusiastic to support Fujitsu in this process and demonstrate that Fujitsu also meets the ‘strict requirements’ and rigorous scrutiny that an ISAE 3402 audit entails. We support every professionalisation effort and strive for better security and control in the ICT sector.