We are extremely proud that CYS has successfully passed the annual external ISO audit. During the audit, ISO 27001 was tested, demonstrating that CYS still meets the requirements of this international standard for process-based information security.
Taco van der Pompe, CEO: “It was not easy to adhere to the guidelines of RIVM during this annual audit. However, we have digitized all checks with our software with which we can demonstrate remotely that our information security system still meets all certification requirements. A compliment to all our employees.”
Not just an annual check mark
For CYS, data security has the highest priority however, with the ISO 27001 certificate, we can make this transparent and measurable for all stakeholders such as customers, suppliers and our employees. We hereby demonstrate that we take this subject very seriously.
“Handling data securely is embedded in our organization, so the audit isn't just an annual check mark, but instead a continuous process. All employees are involved with data in one way or another and everyone is aware of the importance of protecting data, ”says Taco.
What is ISO 27001
Data is the most important asset of any organization. That is why it is crucial to properly secure it. ISO 27001, a globally recognized standard, sets requirements for information security. This standard describes how an organization can organize information security in a process-oriented manner. By obtaining the certification, you demonstrate that you have taken measures against any information security risks. Every year, follow-up audits are done to check whether an organization still meets the ISO 27001 standard requirements.
How does CYS protect the data of customers?
The security of our customers' data is our top priority. We handle confidential information very carefully at all levels of the organization. Some examples are strictly separated development, testing and production environments, Two-Factor Authentication, and an encrypted SQL database. As well as describing the approach to security incidents and the password policy, everything is recorded and complied with.