CYRA Certification

Cyber threats are on the rise. Customers, partners, and regulators expect your organisation not only to have implemented measures, but also to be able to demonstrate them. The CYRA method offers a structured, independently verifiable approach to map and certify your digital resilience.

DigiTrust is a recognised audit partner of the CCV and performs CYRA audits for organisations in the business, industrial, and healthcare sectors.

Independent. Experienced. Appreciative.


27001:2023 and 2024 version?

Latest news

ISO/IEC 27001:2022 was published internationally in October 2022. This version was approved for Europe by CEN in July 2023 and subsequently published by NEN in August 2023 as NEN-EN-ISO/IEC 27001:2023 (NL/EN). The international version remains ISO/IEC 27001:2022; when certifying, you must choose between the international or the European/Dutch variant.

The CYRA method is an acronym for the four key components needed for a successful customer churn analysis: **C**ommunication, **Y**ield, **R**etention, and **A**cquisition.

CYRA (Cyber Rating) is an online assessment tool that allows organisations to measure their information security through proportional risk measures. The method works with four maturity levels – Entry, Basic, Intermediate and Advanced, each subdivided into three steps. This way, CYRA offers a concrete growth path, regardless of your organisation's current standing.

The CYRA method has been developed by the CCV (Centre for Crime Prevention and Security) and aligns with current legislation such as the NIS2 Directive. A CYRA certificate externally demonstrates that your organisation has structurally set up its cybersecurity and has had this objectively tested.

IT & Privacy maturity model with four levels (Entry, Basic, Intermediate, Advanced) and three maturity stages (Level 1 Ad Hoc, Level 2 Best Effort, Level 3 Defined) with corresponding certification levels E, B, I, and A.

Who is CYRA intended for?

CYRA is suitable for organisations that:

  • Want to show customers or clients that their information security is in order
  • Are starting with cybersecurity and are looking for a clear growth path
  • Are working on NIS2 compliance and supplier risk management
  • Want to work step by step towards full ISO 27001 certification

 

The method is industry-transcending and available in three variants: CYRA IT, CYRA OT, and CYRA Care.

Over 600 organisations have gone before you

ISO 27001 and/or NEN 7510? 

If you have a NEN7510 certification, it will remain on the current version. After all, no new version of this standard is available yet. If you have both ISO27001 and NEN7510 certification, you can already switch to the new standard with your current ISO27001 certification. This will create a situation of 'old and new' mixed up in your ISMS.

The administrator/owner of this standard is the NEN. Because a new version of ISO 27001 has been released, the NEN standards committee is currently working on a new version of NEN7510 as well. This is only expected to be finalised and published during 2024. 

Do you have any questions about this or about ISO certification 27001 in general? 

Then contact us.

Direct contact with your specialist

Our specialists will be happy to tell you more about it. Call us at 088-224 56 00, email us at [email protected] or use our online contact form. We will be happy to visit you for a no-obligation introduction.

Over 600 organisations have already taken the step.


How does the process work?

Under the upcoming Cyber Security Act (CBW), organisations that fall under NIS2 are also responsible for being able to demonstrate that their relevant suppliers are sufficiently cyber resilient.

But how do you do that if you have 500 relevant suppliers? In these cases, the NIS2 manager will need to conduct a supplier risk analysis: which suppliers have the most impact on the business continuity of your own operations? After all, NIS2 goes beyond just protecting your GIV in this.

After an NIS2 manager has done this analysis, they can deploy CYRA to their suppliers.

The NIS2 responsible person should ask their supplier whether they want to sign up to the CCV CYRA platform. After signing up, the supplier can complete a self-assessment form in this portal.

The CYRA method consists of 4 growth levels, and each level has a maturity level. Completing the questionnaire clarifies ‘where the organisation stands’ and its areas for improvement. A report can be generated from the online CYRA tool, which can be shared with the NIS2/CBW responsible person.

The NIS2 responsible person may then additionally require that this self-declaration be reviewed by an independent and impartial party. DigiTrust is licensed to conduct these CYRA audits.

Through the portal, the supplier can request an audit from DigiTrust.

The DigiTrust auditor also performs the audit within this same portal. The audit assesses whether what the supplier has declared matches reality. The DigiTrust auditor will form their judgement through interviews and the assessment of evidence.

How does the process work?

In addition to the above method, there are additional requirements regarding digital undermining. This module becomes available if the entry level has been achieved.

Within CYRA, this is called the Digital Undermining Standards Framework (NDO).


CYRA IT

CYRA IT focuses on the security of information systems and business processes in general organisations. It encompasses measures in the following areas:

  • Access control and authentication
  • Network security
  • Patch management and software updates
  • Back-up and recovery processes
  • Employee awareness and behaviour
  • Incident detection and response

 

Based on a risk analysis, your organisation determines the maturity level that will be assessed. DigiTrust independently assesses whether the implemented measures align with your risk profile.


CYRA OT

Industrial environments face a unique challenge: OT systems (Operational Technology) such as SCADA, PLCs, and industrial control systems were not originally designed for network attacks. Now that these systems are increasingly connected to IT networks and the internet, they are becoming an attractive target for cybercriminals.

CYRA OT is specifically developed for organisations that manage OT environments in sectors such as:

  • Energy and utilities
  • Water and waste processing
  • Transport and logistics
  • Industrial production

 

The module is based on the international standard IEC 62443 for the security of industrial automation and control systems. CYRA OT integrates seamlessly with CYRA IT, enabling organisations to manage and certify both domains from a single platform.

CYRA Healthcare

Healthcare institutions process sensitive patient data daily. The consequences of a security incident are therefore far-reaching — for patient safety, business continuity, and trust. At the same time, full NEN 7510 compliance is a big step for smaller healthcare institutions or healthcare suppliers.

CYRA Zorg provides a practical stepping stone. The module is based on NEN 7510 — the Dutch standard for information security in healthcare — but translated into an accessible growth model with twelve maturity steps.

CYRA Zorg is suitable for:

  • Healthcare institutions (hospitals, clinics, mental health care, elderly care)
  • Healthcare providers and software suppliers in healthcare
  • Organisations that must comply with requirements from chain partners or health insurers

A CYRA Care certificate demonstrates that your organisation takes the digital security of patient data seriously and provides demonstrable proof of this.


What is assessed during CYRA Certification?

In a CYRA audit, DigiTrust assesses whether the measures described and implemented by your organisation align with the chosen maturity level and your risk profile. Assessed domains include, but are not limited to:

  • Identification and protection of critical business processes
  • Security measures for systems, networks, and applications
  • Access control and identity management
  • Business continuity and disaster recovery
  • Internal procedures, roles and responsibilities
  • Awareness-raising measures for employees

A preliminary risk analysis is a requirement for certification. DigiTrust will guide you through this or assess an existing analysis.

The process

Initial certification

Control 1

Audit of your management system

Control 2

Audit of your management system

Recertification

Re-evaluation of your management system.

Why DigiTrust as an Audit Partner?

DigiTrust is an accredited audit partner of the CCV for CYRA certification. Our auditors combine deep technical knowledge with practical audit experience across diverse sectors.

 

 

At DigiTrust, you can expect:

  • Premium audits
  • Own auditors, we do not work with hired auditors
  • Quick response to all your questions
  • Direct contact with the back office and auditors
  • Quick quote, usually within a few days
  • We can often schedule your audit at short notice