Since 2017 Online Seminar is certified for the ISO 27001, an important standard for data security. Our quality manager Theo ten Voorde explains what you will notice of this certification.
To get straight to the point: nothing. ‘That's just the idea,' says Theo. ‘We keep everything in order, so that our service to customers is stable and continuous. The intention is therefore that all processes run as smoothly as possible: ISO certification is a guarantee of quality. As a customer, you can be assured that data security is properly taken care of and that you don't have to worry about it. So not only do we say that we provide data security, we also have proof of it, issued by an independent, accredited agency'.
Lots of work and supervision
‘To meet the ISO certification, you have to do a lot of work. ‘All internal procedures must be in order and applied by everyone. From the personnel guide that explains how we deal with passwords to a strict access policy and control thereof,' says Theo. ‘We are regularly checked, not only by ourselves but also by external agencies’
This is what data security is all about
When it comes to data security, there are a number of topics that are key. ‘Storage of data, of companies and individuals, is of course important,' says Theo. ‘That's why there is the GDPR, but any company can say that it complies with it. With us it's just a little bit different. We are monitored by an external independent party, who checks whether we are doing everything we can to keep the security of privacy-sensitive data in order. We ensure that we have the required information security management and assurance measures in place to ensure that data is secure, encrypted, and only people with appropriate rights can access it. We also regularly check the list of rights to see if it's still up to date'.
All information properly stored
Online Seminar's IT specialists regularly monitor all servers to ensure that the data is still secure. ‘We are also obliged to have a reporting system for when, for example, the servers are in danger of becoming too full. Then we can take immediate action'. The great thing about the ISO, Theo thinks, is that all those kinds of actions are also recorded in company structures. ‘Requesting a Declaration of Good Conduct from new employees, regularly checking the rights of all those involved: we have calendars stating when we need to do what. For example, we regularly check whether there have been any changes in the laws and regulations with which we have to comply. We did this kind of thing before our ISO certification, but now it's formalized and we can show our customers that we provide the highest level of data security'.