ISO 27001 Certification

DigiTrust is happy to help your organisation achieve your ISO 27001 certification and is the expert on information security in the Netherlands. Assessing your information security management system is our core business. We have our own team of auditors, who look closely at the context of your organisation.

More than 500 organisations have already gone before you.

ISO 27001:2022 and the ISO27001:2023

ISO27001:2023 version

Yes you read correctly, there is a 2022 AND a 2023 version. How about that?

The ISO/IEC 27001:2022 standard was published in October 2022. This is a global - international standard. To prevent international standards conflict with European standards, the European Committee for Standardisation (CEN) must first approve those international standards. On 23 July 2023, CEN approved the international 2022 version, without modifications, for Europe. NEN accepted this version for the Netherlands and published it in August 2023, making the following versions available:

NEN-EN-ISO/IEC 27001:2023 en
NEN-EN-ISO/IEC 27001:2023 and

So these are the European - Dutch versions.

The international / global version is and will therefore remain: ISO/IEC 27001:2022.

If you want to certify, you need to specify whether you want to be certified for the European-Dutch version or international. Do you want to buy the ISO 27001 standard, then look here.

New name ISO 27001 certification
The new version of the ISO27001 standard has also been renamed. The full name is now: Information security, cybersecurity and privacy protection - Information security management system

Adjustment HLS
In chapters 4 to 10 (HLS), some minor changes have been made. These include H4 stakeholder analysis, H6.3 Managing changes to your ISMS, H8 operational planning, H9 internal audit and the Management Review and finally H10 where the 10.1 and 10.2 topics have been reversed. These are minor changes that you can implement quite easily in your ISMS.

Adjustment Annex A
The current ISO 27001:2013 contained 114 measures divided into 14 chapters. The ISO 27001:2022 standard has been reduced to four chapters, many of whose measures have been merged:

Annex 5 (organisation-specific control measures)
Annex 6 (human-centred management measures)
Annex 7 (physical security management measures)
Annex 8 (technical management measures)

There are now a total of 96 management measures, of which 11 are new.

From ISO 27001:2013 to ISO 27001:2023

For already certified organisations, the transition from ISO 27001:2013 to ISO 27001:2023 will have to take place within 3 years and you will also have to comply with the new version within 3 years. The deadline depends on the date of birth of your certificate. The DigiTrust back office can assess your situation and determine with you when your deadline is. Of course, you may also switch to the new standard earlier. This transition is done via a Transition Audit.

If you are going to start a new initial certification with DigiTrust, we may perform it on this new version of the standard from 01/02/23.

From 30 April 2024, we are no longer allowed to certify on ISO27001:2013. From this date, we will only be allowed to perform certifications on the new version of the standard.

Transition audit if you are already certified with us
According to the applicable guidelines, DigiTrust must schedule the appropriate audit time with you before conducting the transition audit.

In case of a separate transition audit or combined with a control audit, 1 additional day will be charged. If the transition audit is combined with a HER certification then 0.5 will be charged for the additional transition audit.

During this audit, we review some topics to assess whether you are really ready to transfer your current certificate to one against the ISO27001:2023 version.

What are we going to assess?

GAP analysis performed

Risk analysis and treatment plan
VVT adaptation
Internal audit
Management review

NEN 7510 or ISO 27001?

If you have a NEN7510 certification then it will remain on the current version. After all, no new version of this standard is available yet. If you have both ISO27001 and NEN7510 certification, you can already switch to the new standard with your current ISO27001 certification. This will create a situation of 'old and new' mixed up in your ISMS.

The administrator/owner of this standard is the NEN. Because a new version of ISO 27001 has been released, the NEN standards committee is currently working on a new version of NEN7510 as well. This is only expected to be finalised and published during 2024.

Do you have any questions about this or about ISO certification 27001 at all? Then please take contact with us.

Proudly certified by DigiTrust

Click on the logos to view all DigiTrust-certified companies.

or call one of our specialists

The standards explained

What is ISO 27001?

ISO 27001 is a globally recognised standard in the field of information security. As an organisation, you therefore need to have your information security in order. A data breach not only has financial consequences for your organisation, but also affects your reputation.

In the ISO 27001 standard all information security requirements are laid down. With certification against this standard, you demonstrate that you have a working information security management system. Moreover, certification is a requirement in many tenders.

Why is ISO 27001 certification important?

If, as an organisation, you do not secure your business data the data of your customers, suppliers or stakeholders, the consequences can be dire. For instance, a hack or data breach could cause this sensitive information to be out in the open with all the consequences.
With an ISO 27001 certification, you ensure that the set of measures, processes and procedures in place to minimise a data breach or unwanted access to important information such as personal data, intellectual property, business-sensitive information or information of customers and relations is in place. This provides confidence for others to do business with your company.

The steps explained

How can you achieve ISO 27001 certification as a company?

You can purchase the ISO 27001 standard through the NEN. To obtain certification, there is first a ISO 27001 audit needed. This is where DigiTrust can help you. Our certification process has a number of logical steps.

Initial certification

DigiTrust tests whether the system works and functions according to the requirements from ISO 27001. This assessment also includes the review of all operations at your office as well as at the implementation site. The initial certification consists of 2 parts. The phase 1 and phase 2 audit.

During the phase 1 audit, we take an outline look at your management system (ISMS) and whether you are really ready for the phase 2 audit. We will also create the audit plan together for the phase 2. Who do we need when.

During the phase 2 audit, we test the ISMS and all management measures.

Phase 1

Phase 2

During the ISO 27001 phase 2 audit, we test the ISMS and all control measures.

Issue certificate

In case of a positive assessment, the auditor will nominate the organisation for certification. The certification manager will do a quality check on the file. If everything is in order, you will receive the ISO 27001 certification.

Control 1

During the term of the ISO certification 27001 certificate, which is typically three years, DigiTrust will conduct an annual surveillance audit. During a surveillance audit, we will take a sample on the various standard elements. In case of a positive assessment, the ongoing certificate will be continued.

Control 2

DigiTrust will visit about three months before the certificate expires for the reassessment. This assessment is of the same scope as the one at step 2 and should ensure that if the result is positive, the certificate is renewed for another three years.

What is the investment for ISO 27001 certification?

Curious about the investment of an ISO 27001 certification and how they are structured? The basis of the audit time and therefore the cost starts with the number of FTE working within the scope of certification, the number of full-time equivalents. It then looks at the complexity of the IT landscape and your organisation in general. Which products/services and processes play a role within your scope of certification? Questions that come into play here are:

What (critical) sectors do you work in?
Do you develop software?
Do you have your own server or do you store data in the cloud?

These factors determine, among others, the complexity of the information security management system and determine the final number of audit days and thus the costs involved in obtaining ISO 27001 certification. To get a good idea of this, we will always send you our intake form.

We try to keep the cost of ISO 27001 certification as low as possible through a competitive daily rate. Meanwhile, you can count on senior auditors with in-depth expertise and broad experience in the ICT, healthcare and government sectors.

At DigiTrust, you can expect;

Sharp daily rates
Own auditors, we do not work with hired auditors
Quick response to all your questions
Direct contact with the back office and auditors
Quick quote, usually within a few days
We can often schedule your audit at short notice

Questions about ISO 27001 certification or curious about the possibilities?

Our specialists will be happy to tell you more about it. Call us at 088-224 56 00, please email us at sales@digitrust.nl or use our online contact form. We will be happy to visit you for a no-obligation introduction.

More than 300 organisations have already gone before you.