After being certified for ISO27001 in 2020, we are now proud to add ISO9001 to our certifications. With the addition of this certification, NFIR demonstrates our ability to provide services that meet information security and quality requirements and desires of our customers. NFIR was audited for this purpose by BSI and a certificate was issued after a successful audit.
ISO9001 and ISO27001
NFIR has already been audited and certified for ISO27001 in 2020. At the time, an ISMS (Information Security Management System) was built to give the right interpretation to this. Within this ISMS, measures are secured to mitigate information security risks. By embedding these measures in the management system, NFIR as an organization gets a grip on the effective operation of the measures and can make adjustments if necessary.
NFIR also wants to be fully in control when it comes to quality. In fact, a high-quality and consistent delivery of our services is very important to NFIR’s customers. It doesn’t matter if it’s implementing Incident Response, Digital Forensics, Penetration Testing, Security Monitoring, File Monitoring, the CSSC or Awareness services. You can expect us to be committed to the quality of the processes and execution of these services. By implementing measures, NFIR has a grip on the constant delivery of quality. These measures are secured in a management system, the QMS (Quality Management System).
Since both ISO27001 and ISO9001 use ISO High Level Structure, NFIR has chosen to bring these systems together into one integrated management system. Thus, both information security and quality are jointly secured in our organization.The scope of the management system is as follows: Limiting consequential damage from cyber incidents and increasing digital resilience of organizations through reactive and preventive IT security services.
In our DNA
Rob de Vries, Quality Manager & Information Security Officer at NFIR indicates that securing information runs through NFIR’s veins and is part of its DNA:
“Information security and quality have been in our DNA since the beginning of NFIR. We are specialists in the field of cybersecurity and often advise clients on measures to be taken after we have carried out Incident Response at an organization that has been hacked, for example. Of course, it is unacceptable for us not to have our own information security in order. So we were already applying many measures. Also in the area of quality, it was already the rule to work according to standardized methods, perform peer reviews and investigate customer satisfaction. So many things were already well organized. The implementation of a management system for ISO27001 and ISO9001 was therefore primarily aimed at securing various measures and processes in an integrated system.”
Advantage for customers
Achieving certifications for both ISO27001 and ISO9001 also provides benefits for NFIR’s customers. De Vries: “Customers can now see at a glance that NFIR is a reliable partner in the field of IT security. In addition to the strict laws and regulations we must comply with from our POB (detective agency) license, these certifications are a very nice addition to increase NFIR’s reliability as a player in the cybersecurity market. Also, the high consistent quality of the services we provide further contributes to this.”
The next step?
Next year NFIR will also be working hard to achieve NEN7510 certification. For example, the amended ISO27002 will also be scrutinized. In short, NFIR is not sitting still in the coming period.