
Information security audit

Certification is the perfect way to demonstrate your organisation’s compliance with information security requirements. If the information security audit shows that your organisation meets the requirements stipulated by a particular standard, you will obtain the corresponding certification. Read on to find out more about information security audits.

Data plays an important role in every company and organisation and includes information about business processes, (potential) customers, employees and suppliers. Sound information security is a bigger priority than ever before, especially given increasing digitalisation and strict regulations on data storage.

Information security standards

Various standards relate to the information security of organisations and/or employees. Several important information security standards follow below.

ISO 27001 is a guideline that organisations can use to make sure their (digital) information systems are secure. To obtain ISO 27001 certification, all the following aspects of the standard must be in place: a risk analysis, risk management, physical and digital security strategies and incident management protocols.

The information-security-audit process

In an audit, the auditor carries out an objective assessment to see whether an organisation meets the information security requirements described in the standard in question. The exact nature of the audit varies because different requirements and conditions apply for each standard. However, most information-security-audit processes involve the following:

Information security scan

Before requesting an external audit for a particular security standard, we advise you to perform an information security scan to analyse information security in your organisation. There are several ways to do this, including a test audit. DEKRA can conduct a test audit on your risk assessment, policy and/or how you implement various measures. This audit is not part of the certification process. It reveals the current level of information security in your organisation, which enables you to focus on any points for improvement that would prevent you from meeting the requirements of the standard in question.

People Based Auditing

Audits assess not only compliance with standards but also the people who are required to work in line with them on a daily basis, because they decide how to implement processes, systems and procedures. This is why DEKRA auditors always carefully consider human aspects during audits. We call this approach People Based Auditing and it forms an integral part of our audits.

Information security audit conducted by an expert

As an independent certification body, DEKRA offers various types of information security audit. Our auditors have the experience and expertise necessary to carry out all these audits. They will guide you throughout the process, from preparation up to and including completion of the audit. Please don’t hesitate to contact us to find out more about the information security audit or any other audit. Our experts are always happy to help!