ORTEC receives re-certification of ISO 27001 and NEN 7510 certificates
January 2025
At ORTEC we are dedicated to protecting the privacy and security of our customers by handling their data securely. Through yearly independent audits we test our information security management. At the end of 2024, the auditors approved our processes again, leading to re-certification, including the Dutch NEN 7510 and esteemed ISO 27001. This one is now based on ISO27001:2022, the latest version of the standard.
Renewed certificates
In today's interconnected digital world, the importance of verified proof for information security cannot be emphasized enough. Our customers entrust us with their sensitive data, and it's imperative that we demonstrate our ability to handle it securely. Annual independent audits serve as a test for our information security protocols, providing assurance to our customers and stakeholders that their data is in safe hands.
At the end of 2024, a new external audit took place at our offices, and we are pleased to share that the auditors approved our information security processes again and therefore reaffirmed our certificates, including ISO 27001 – the world’s best-known standard for information security management systems – and NEN 7510. The certificates can be found below.
ISO 27001
The ISO 27001 certificate guarantees that ORTEC applies comprehensive and compliant information security practices that protect sensitive information. The certification validates our information security management controls for various areas such as data security, human resources, and software development. Our renewed certificate is based on ISO27001:2022, the latest version of the standard. The transition to this version consists of additional controls tailored to the modern threat landscape, places greater emphasis on a risk-based approach, and underscores the importance of management commitment.
NEN 7510
The NEN 7510 is a Dutch standard that describes measures that healthcare institutions must take to adequately handle patient data. Those measures ensure that information security becomes a controlled process and relate to all forms in which client data are recorded.
SOC 2
SOC 2 (System and Organization Controls) is intended for use by service organizations (also known as cloud providers) to issue validated reports of internal controls over information systems to the users of those services. Auditors extensively check that we comply to a set of information security controls that we have chosen adhering to the SOC 2 Trust Service Criteria. The SOC 2 report is available on request. Please contact your ORTEC customer representative.
Continuous improvement
The certificates are valid for three years, though ORTEC will be vetted yearly by an external auditor to ensure continuous improvement.
