anDREa B.V. obtains ISO 27001 certification


Version: 2022-09-15

TL;DR: anDREa B.V. obtained ISO 27001 certification. Feel free to download the certificate (attached at the bottom).

Introduction

anDREa B.V. is committed to protecting the security of its business information in the face of incidents and unwanted events and has implemented an Information Security Management System (ISMS) that is compliant with ISO/IEC 27001:2017+A11:2020, the international standard for information security. We have continually improved our ISMS since Q3 2020, when we declared that we work in accordance with ISO 27001.

Over the past year, several organizations engaged anDREa with their due-diligence requirements. They are pleased with anDREa's level of transparency, the measures in place, and the evidence we can provide them.

We have shown that we are open to feedback and improvement by implementing suggestions that make sense. We have also shown that we know our business by pushing back on other suggestions: once we explain why we do not follow them, they no longer make sense to the organizations that proposed them either.

Two major feedback items across the board were:
  1. Insurance against liability.
  2. ISO 27001 certification.
We are proud to announce that both major feedback items have been realized!

ISO 27001 certification

From July 18th to 20th, a three-day certification audit was performed by DigiTrust, the accredited certifying body. In this certification audit, all ISO 27001 norm elements and annex controls were checked. Each item can be scored as conform, minor non-conformity, or critically non-conform.

To give an idea: minor non-conformities are items that require a corrective action plan (CAP) to become conform but are not dealbreakers. Usually certifying bodies allow about ten minor non-conformities before failing the audit. In the case of anDREa, three minor non-conformities were found:
  1. One HR-related.
  2. Two supplier management-related.
On July 25th, we handed in our CAPs for the three minor non-conformities for approval. On July 26th, the CAPs were approved and the complete report was sent to the certification manager for approval. As of September 1st, we are proud to announce that our ISMS is ISO 27001 certified.

Attached you can find and download our ISO 27001 certificate.


Continuous improvement

In line with the Plan, Do, Study and Act (PDSA) cycle, we are already looking into improvements regarding our ISMS. Currently, we are restructuring our policy documents and supporting documents before making these documents public on Zoho together with our Statement of Applicability.


This article will be updated once the policies and Statement of Applicability are publicly available.


