Some context
The ISO 17021 standard contains requirements for certification bodies (CBs) that audit and certify management systems. These include impartiality requirements, how we calculate audit time, how we conduct certification audits, and competence requirements for our auditors.
In addition to this standard there is ISO 27006, which contains the additional requirements for CBs auditing and certifying against ISO 27001. There is also NCS 7510, which in turn supplements ISO 27006 for CBs auditing against NEN 7510.
The Accreditation Council assesses CBs against these standards and, if everything is found to be in order, the CB receives accreditation for those specific standards.
A new version, ISO/IEC 27006-1:2024, was published in March 2024. The main reason for this revision is to stay in line with the new ISO 27001:2023. In order to apply these new requirements, DigiTrust applied to the RvA for a scope extension. In early December the RvA gave DigiTrust a positive advice, which means DigiTrust is allowed to apply this version of the ISO 27006 standard.
Normally this standard concerns DigiTrust's internal procedures, but there are some changes that ISO 27001-certified organisations should be aware of.
DigiTrust is transparent and explains what you need to consider as an organisation:
Remote audits
- The audit plan and the audit report will clearly state on which days the audit will be (or was) conducted remotely and on which days it will not;
- The total percentage of the audit conducted remotely will be stated;
- The tool used (e.g. Teams) will be mentioned in the audit report.
Physical locations
If your organisation has no physical locations (everyone works remotely), this will be noted in the audit report and on the certificate.
Annex A
If you have applied a different set of control measures to mitigate your information security risks, the certificate will state that the control measures listed in the VvT (Statement of Applicability) are only used to indicate inclusion or exclusion, and not as the basis for the conformity assessment.
Note: the orange DigiTrust flowers are still missing.