Recurring evaluations

After certification, it is in everyone's interest to keep checking whether the information security management system remains effective! To verify that and to monitor the progress of system improvements, we visit organisations two to five times after certification, within a three-year period.

The number of visits depends on the complexity of the processes and the size of the organisation. In any case, at least one official visit takes place per year. Follow-up visits focus on establishing that the approved information security management system is still:

• is maintained;
• has been implemented;
• is improved.

As a certification body, we also take into account the changes you have made to the management system during follow-up visits. We also check whether the requirements of the standard are still being met.

Programme evaluation visit

A programme is drawn up for each visit, focusing on:

• internal audit and management review reporting;
• open improvement actions;
• Progress in achieving targets and improvement trajectories;
• system of preventive and improvement measures, including customer satisfaction and complaint handling;
• changes in the system and its effectiveness;
• managing change, related to tasks and responsibilities of staff;
• the use of the official DigiTrust logos.

At the closing discussion, our auditor reports on the current state of your information security management system and then draws up a plan for the next visit. If any deficiencies are found, the auditor will make arrangements with you to follow up.

The final follow-up visit is the so-called 'focus audit'. Here, we analyse with you the performance of the past years (the review) and how the information security management system has contributed to this. Together with your management, we also look ahead to developments in your sector (the preview).

Want to know more about information security and the ISO 27001 and/or NEN 7510 certification process? Call 088-2245600 or mail info@digitrust.nl.