On January 27, 2022, Daniël Knot and Marjolein Veenstra of KIWA presented NFIR with the pentest hallmark of the Center for Crime Prevention (CCV). This award makes NFIR the fifth IT-Security organization in the Netherlands to achieve this seal of approval. This quality mark, based on NEN-EN-ISO/IEC standards 17021 and 17065, gives customers the guarantee that the execution of a pen testing assignment by NFIR is carried out in a professional and high-quality manner.
During the audit, conducted by KIWA, the working methods and certifications of the pentest team were scrutinized. In addition, the procedures, tooling used and qualifications of employees were reviewed.
Arwi van der Sluijs, NFIR’s general manager, calls obtaining the seal of approval “a nice proof that the execution of pen testing for our clients is done at a high level.” He would like to emphasize that NFIR, as an engineering club, attaches importance to transparent and verifiable processes. “In addition to the ISO 27001 and ISO 9001 certifications, this is an important certificate whose bar we believe can be set much higher,” said van der Sluijs. Within Cybersecure Netherlands, NFIR will advocate for taking the necessary next steps to ensure that the quality bar is raised even further.
The CCV pentest quality mark is mainly about the processes and certifications used by pentesters. A pen test shows to what extent the security of environments such as a network infrastructure, (web) application or mobile application is effective and sufficiently technically resilient at the time of the pen test. This must be carried out competently. The certification of a pen test with the CCV Pen Testing Seal of Approval guarantees the quality of the pen tests and ensures that customers of our pen tests can have justified confidence that the pen test delivered meets the requirements set in advance.
This is very important, according to van der Sluijs, but it is necessary that the industry also learns to report in a uniform way. Van der Sluijs explains: “For example, NFIR always accounts for exactly what was tested, according to which standards it was performed and what the scores are based on the CVSS. Many pen test providers just freewheel. This CCV Hallmark is going to separate the wheat from the chaff.”