Information security

With a certification from DigiTrust you can easily demonstrate that information security within your organization is in order.

More than 300 organizations have gone before you.


What is information security?

Information security is the set of measures, processes and procedures that reduce the risk of a data breach or unwanted access to important information such as personal data, intellectual property, business-sensitive information or information from customers and relations.

Why is information security important?

The consequences of a lack of information security can be serious. For example, a hack or data breach can result in sensitive information becoming public. Unfortunately, data leaks are happening to companies more and more often. They are therefore increasingly in the news, which is harmful to the image of your company.
Customers, suppliers and other stakeholders would also like to know what measures your company has taken in the field of information security. This way they know that their information is safe with your company, and you show them that you handle this data correctly. This gives them the confidence to do business with your company.

What certifications are there in the field of information security?

In the field of information security, DigiTrust offers the following certifications:

ISO 27001

ISO 27001 is the worldwide standard for information security. With this certification you demonstrate that you have a working management system for information security. Here you record, among other things, what measures you have taken with regard to information security.

For whom is this certification suitable?

An ISO 27001 certification is suitable and useful for all organizations, big or small. Small organizations can also apply this standard well, within their own context. Our customers use the ISO 27001 certification and the associated certificate as a positive signal to organizations with which they collaborate. Moreover, certification is a requirement for many tenders.

NEN 7510

NEN 7510 is a Dutch standard developed by the NEN. It is the standard in the field of information security, but specifically aimed at the healthcare sector. Obtaining a NEN 7510 certification is very important. This way you can really demonstrate to your stakeholders, including the inspectorate, that you have done it. Having a well-functioning information security management system is not a ‘nice to have’ but crucial for accountability and for the blind trust that patients have in your healthcare institution.

For whom is this certification suitable?

This certification applies to all healthcare providers and their suppliers. This includes nursing homes, hospitals, physiotherapists, general practitioners, GGD institutions, etc., but also IT service providers (MSPs) that handle patient data or could have access to it.


How can you get certified as a company?

The certification process has a number of logical steps.

During the pre-audit we check whether you are ready for certification. What is the status of the management system? Are there still things that are not in order? DigiTrust can determine together with you which topics should be discussed during this pre-audit. We also determine the duration together. This is usually around 2 to 4 days, to get a good idea of the management system and all control measures. After each pre-audit, DigiTrust provides you with a clear audit report, which describes in detail where you may not yet be working in accordance with the requirements.

Tip: this is a frequently chosen option. It allows you to really start the process and immediately get a good idea of where you stand as an organization.

Initial certification

DigiTrust tests whether the system works and functions according to the requirements. This assessment also includes the assessment of all work in your office and at the execution location. The initial certification consists of two parts: the phase 1 audit and the phase 2 audit.

Phase 1

During the phase 1 audit we take a broad look at your management system (ISMS) and whether you are really ready for the phase 2 audit. We will also work together to create the audit plan for phase 2. Who do we need and when?

Phase 2

During the phase 2 audit we test the ISMS and all control measures.

Issuance of the certificate

If the assessment is positive, the auditor will nominate the organization for certification. The certification manager carries out a quality check on the file. If everything is in order, you will receive the certification.

Surveillance audit 1

During the term of the certificate, which is usually three years, DigiTrust will conduct an annual audit. During a surveillance audit we take a sample of the various standard elements. If the assessment is positive, the current certificate will be continued.

Surveillance audit 2

DigiTrust will come by for the reassessment approximately three months before the certificate expires. This assessment is of the same scope as that in step 2 and should ensure that the certificate is extended for three years in the event of a positive result.

Need advice on information security?

Our specialists are happy to tell you more about this. Call us on 088-224 56 00, send us an email or use our online contact form.
