EN 
NL 
DE Information security
With certification from DigiTrust, you can easily demonstrate that information security within your organisation is indeed in order.
More than 500 organisations have already gone before you.
What is information security?
Information security is the set of measures, processes and procedures to minimise a data breach or unwanted access to important information such as personal data, intellectual property, business-sensitive information or customer and customer relations' information.
Why is information security important?
When there is a lack of information security, the consequences can be dire. For example, a hack or data leak can cause sensitive information to be out in the open. Unfortunately, leaked data is occurring at more and more companies. Consequently, it is increasingly in the news and this is damaging to your company's image.
Customers, suppliers or stakeholders also want to know what information security measures you have taken as a company. This way, they know that their information is safe with your company and you show them that you handle this data correctly. This gives confidence to engage with your company.
What information security certifications are there?
In the field of information security, DigiTrust offers the following certifications:
ISO 27001
ISO 27001 is the global standard for information security. With this certification, you demonstrate that you have a working information security management system. In it, you record what measures you have taken with regard to information security, among other things.
Who is this certification suitable for?
An ISO27001 certification is suitable and useful for all organisations. Large or small. Even small organisations can apply this standard well, within their own context. Our customers use ISO27001 certification and the associated certificate as a positive signal to organisations they work with. Moreover, certification is a requirement in many tenders.
NEN 7510
The NEN 7510 is a Dutch standard developed by the NEN. It is the standard in the field of information security, but specifically aimed at the healthcare sector. Obtaining NEN 7510 certification is very important. This way, you can really demonstrate to your stakeholders, including the inspectorate, that you have it all together. Having a well-functioning information security management system is not a 'nice to have' but crucial in accountability and the blind trust patients have in your healthcare institution.
Who is this certification suitable for?
This certification applies to all healthcare providers and their suppliers. This includes nursing homes, hospitals, physiotherapists, general practitioners, GGD institutions and so on, but also the ICT service providers (MSP) that handle patient data or could have access to it.
Demonstrate that information security is in place within your organisation
ISO 27001 is the globally accepted standard for information security. Getting started with information security based on the ISO 27001 standard? For example, it is important to get started with a proper risk analysis. To do so, you use the ISO 27002 standard. This is an extension of the ISO 27001 standard, as it were, which describes in more detail which control measures you can take to deal with risks. DigiTrust then tests whether your organisation meets the applicable ISO standard. When you receive the certificate, you can demonstrate that information security is up to standard within your organisation.
![logo-zl-concern[1]](https://www.digitrust.nl/wp-content/uploads/2025/02/logo-zl-concern1-300x90.jpg){kind=logo}
![cmyk-Logo Cura Mare [top]](https://www.digitrust.nl/wp-content/uploads/2024/09/RGB-Logo-CuraMare-300x45.jpg){kind=logo}
or call one of our specialists
How can you get certified as a company?
The certification process has a number of logical steps.
During the Pre-audit, we check whether you are ready for certification. What is the status of the management system? Are there any issues that may not be in order? Together with you, DigiTrust can determine which topics should be covered during this pre-audit. We also determine the duration together. Usually this is between 2 and 4 days for a good picture of the management system and all control measures. After each pre-audit, DigiTrust provides you with a clear audit report, detailing where you may not yet be working in accordance with the requirements.
Tip; this is a frequently chosen option. It really gets you started in the process and immediately gives you a good idea of where you stand as an organisation.
Initial certification
DigiTrust assesses whether the system works and functions according to the requirements. This assessment includes reviewing all operations at your office as well as at the implementation site. The initial certification consists of 2 parts. The phase 1 and phase 2 audit.
During the phase 1 audit, we take an outline look at your management system (ISMS) and whether you are really ready for the phase 2 audit. We will also create the audit plan together for the phase 2. Who do we need when.
During the phase 2 audit, we test the ISMS and all management measures.
Phase 1
During the phase 1 audit, we take an outline look at your management system (ISMS) and whether you are really ready for the phase 2 audit. We will also create the audit plan together for the phase 2. Who do we need when.
Phase 2
During the phase 2 audit, we test the ISMS and all management measures.
Issue certificate
In case of a positive assessment, the auditor will nominate the organisation for certification. The certification manager does a quality check on the file. If everything is in order, you will receive the certification.
Control 1
During the term of the certificate, which is usually three years, DigiTrust will conduct an annual surveillance audit. During a surveillance audit, we take a sample on the various standard elements. In case of a positive assessment, the current certificate will be continued.
Control 2
DigiTrust will visit about three months before the certificate expires for the reassessment. This assessment is of the same scope as the one at step 2 and should ensure that if the result is positive, the certificate is renewed for another three years.
Need advice on information security?
Our specialists will be happy to tell you more about it. Call us at 088-224 56 00, please email us at [email protected] or use our online contact form. We will be happy to visit you for a no-obligation introduction.
More than 500 organisations have already gone before you.