April 2024
At ORTEC we are dedicated to protecting the privacy and security of our customers by handling their data securely. We test our information security management through yearly independent audits. At the end of 2023, the auditors approved our processes again. As a result, our current ISO 27001, NEN 7510, and SOC 2 certificates are reaffirmed, indicating that we comply with the (international) standards for information security, valid through December 2024.
In today's interconnected digital world, the importance of verified proof for information security cannot be emphasized enough. Our customers entrust us with their sensitive data, and it's imperative that we demonstrate our ability to handle it securely. Annual independent audits serve as a test for our information security protocols, providing assurance to our customers and stakeholders that their data is in safe hands.
At the end of 2023, a new external audit took place at our offices, and we are pleased to share that the auditors approved our information security processes again and therefore reaffirmed our certificates, including ISO 27001 – the world’s best-known standard for information security management systems – NEN 7510, and SOC 2. The certificates can be found below.
The ISO 27001 certificate guarantees that ORTEC applies comprehensive and compliant information security practices that protect sensitive information. The certification validates our information security management controls for various areas such as data security, human resources, and software development. We have also extended our ISO 27001 scope again, now also including ORTEC Load Optimization, ORTEC Business to Business Delivery, Routing portals & apps, ORTEC Scenario Management, and ORTEC Workforce for Warehouses.
The NEN 7510 is a Dutch standard that describes measures that healthcare institutions must take to adequately handle patient data. Those measures ensure that information security becomes a controlled process and relate to all forms in which client data are recorded.
SOC 2 (System and Organization Controls) is intended for use by service organizations (also known as cloud providers) to issue validated reports of internal controls over information systems to the users of those services. Auditors extensively check that we comply to a set of information security controls that we have chosen, adhering to the SOC 2 Trust Service Criteria. The SOC 2 report is available on request. Please contact your ORTEC customer representative.
The certificates are valid for three years, though ORTEC will be vetted yearly by an external auditor to ensure continuous improvement.