EN 
NL 
DE FAQ
DigiTrust is happy to help your organisation achieve your certification and is the expert on information security in the Netherlands. Assessing your information security management system is our core business. We have our own team of auditors, who look closely at the context of your organisation.
- Your audit starts as early as one month.
- Personal guidance throughout the certification process.
- Sharp prices
More than 300 organisations have already gone before you.
What does certification cost?
The cost of certification does not just 'fall out of the sky'. The calculation of the number of audit days and thus the certification costs are bound by formal rules.
The basis of the calculation is always the number of FTEs within your organisation. Here, for ISO27001 and NEN7510 certification, the table from ISO27006 is used. The number of days in the table are the so-called 'gross days'. Depending on the context of your organisation, days can be added or subtracted. For example; if you do not develop software yourself, this is a relieving factor in the calculation and can already save half a day.
| Number of FTEs | Audit days |
| 1-10 | 5 |
| 11-15 | 6 |
| 16-25 | 7 |
| 26-45 | 8,5 |
| 46-65 | 10 |
| 66-85 | 11 |
| 86-125 | 12 |
| 126-175 | 13 |
| etc.. |
Suppose your organisation has 14 FTEs. This means gross 6 audit days. Through our intake form, you can provide information about your context. What do you do and what does your organisation not do. We discuss this form together so that we have a good understanding of what you have filled in. We then use this information to make the calculation. This calculation gives the number of net audit days. With the data provided from the intake form, the 6 gross days may come out to 5 audit days for initial certification. We multiply this by our daily rate.
For how many years am I certified?
We always enter into a 3-year contract with you.
| Section | Year |
| Initial certification | 2021 |
| 1st control audit | 2022 |
| 2nd control audit | 2023 |
'Re-certification' will then follow in 2024
Incidentally, re-certification is always fewer audit days than initial certification.
I would like to get my information security in order, but where to start?
Firstly; good decision to do something about your information security. Whether you are a bakery, ICT or healthcare organisation we all work with corporate data. Unfortunately, it is commonplace for organisations to have to deal with 'hackers'. Many times, organisations still think, I'm not interesting. But those days are long gone. Every organisation can unfortunately fall victim to cyber-criminals.
The question is how to start. Often it's like an 'elephant in the room' We all know we should do something about it, but the busyness of the day keeps us from doing it. Yet a first step is saying 'YES WE WILL DO something about it' is an important one. The next question is how to go about it. What do we need to do anyway?
The ISO27001 and NEN7510 standards specify the requirements you need to meet. To start with, there are good roadmaps to help you with this. There are many good consultancies that can help you get started.
Tip; there are also parties that specialise in SMEs, at low cost and doing a lot yourself will get you there.
Take contact with our back-office should you want help with your choice. We will always give you multiple options so you can make the right choice yourself. DigiTrust has no formal relationships with any party.
What standards can DigiTrust certify for?
ISO27001
In 2015, we achieved our accreditation at the ISO27001, which is the general standard for information security.
NEN7510
In 2019, DigiTrust became the first certifying installing in the Netherlands to achieve accreditation on the NEN7510. This is the standard for information security in healthcare. DigiTrust has the accreditation for both healthcare and ICT service providers. You can only obtain NEN7510 certification if you process personal health information. Contact our back-office if you want to find out if you comply.
ISO9001
In 2021, DigiTrust also achieved accreditation at the ISO9001 for ICT and business service providers.
Accreditation
On these standards, DigiTrust audits and certifies under accreditation from the Dutch Accreditation Council (COA)
Other standards
In addition to these standards, DigTrust also audits and certifies on other standards.
How does the certification audit work?
The certification audit is split into 2 parts. Called phase 1 and phase 2.
Phase 1: this is actually a preliminary audit, to determine whether you are really ready for the real phase 2 audit. This is to avoid going into the phase 2 audit only to find that you have forgotten some crucial issues. A phase 1 assessment takes half a day or a full day. Depending on the size of the organisation. At the end of this assessment, the auditor gives the 'verdict' whether the organisation is ready for the phase 2 audit. There may still be areas of concern, which you can then address before the phase 2 audit. The lead auditor always makes a report of his findings.
Tip; should you want a better and more complete picture of the status of the management system, we can also always conduct a pre-audit, or baseline measurement. Contact us to discuss the possibilities.
Phase 2: during the phase 2 audit, we will audit the management system and all control measures. During an audit, we always look at SETTING, EXISTING and OPERATING.
Set-up = does the organisation have a defined policy or procedure
Existence = does the procedure described suit the organisation (hasn't copy/paste been done secretly)
Operation = is there demonstrable evidence that the policy or procedure works?
At the end of the certification audit, the lead auditor creates a report and together with you the file is completed. At DigiTrust, you always receive the audit report within a few days! Next, the certification manager will review the file and all documents. This is a kind of peer-review and quality assurance of our own process. If everything is ok, the certification manager makes the decision. The back office then gets to work and within a few days you receive the certificate. If you like, we can always come to you to issue the certificate. We do that for free, just because we like it too.
Take contact with our back office to make an appointment about this.
We are certified with another organisation, can we switch?
Good news, we can just take over your certification and we still do FREE also.
You do not have to wait until your current contract expires. During the current contract, we can take over certification. Think of it as taking over a relay baton. Such an acquisition is (of course) again bound by formal rules. A takeover goes through a so-called pre-transfer review. This is not an audit, but a document review of your current certification. If everything is in order, we can draw up a real DigiTrust certificate and you can make use of the DigiTrust benefits.
Tip; cancel your contract with your current certifying body in time. The small print often contains absurdly long notice periods.
Who is DigiTrust anyway?
DigiTrust is a young organisation and has existed since 2013. We are different from all other certifying bodies.
Why? We do this work because we really want to contribute to a safer digital world. We are always saddened to read again in the newspaper that an organisation has been hit by cyber-crime. We want to do something about it. Information security through good and sharp audits. That is what we do and what we stand for.
Information security and proving that you have it in order should be achievable for everyone. That is why DigiTrust has low rates.
DigiTrust is a healthy and stable organisation and gives account to the Co. (Committee on Impartiality)
Can DigiTrust also help with implementation?
No, DigiTrust is a certifying body and we do not give advice.
You can compare us to the CBR. You learn to drive at a driving school and the CBR assesses whether you can also drive properly.
So you do the building yourself or together with a consulting firm. The moment you feel you are 'ready', you can have the Information Security Management System assessed by DigiTrust. We do this with passion and always look at the standard and the context of your organisation together. What is important for one organisation is not at all or much less so for another. This makes audits relevant and not a***-shit.
tip; be careful with 'google' On the internet, you can find templates for e.g. risk analyses that are nice, but not compliant with the standard requirements. Avoid losing a lot of time and make a good start by using the right approach. If you have doubts about who can help you, our back-office can always independently name multiple parties that do use the right approach. DigiTrust does not have a business relationship with any party and will therefore always recommend multiple parties so you can make the right choice yourself.
Questions or curious about the possibilities?
Our specialists will be happy to tell you more about it. Call us at 088-224 56 00, please email us at sales@digitrust.nl or use our online contact form. We will be happy to visit you for a no-obligation introduction.
More than 300 organisations have already gone before you.