Information security audits

Compliance audits for management systems

Every organization works with large amounts of data: information about customers, employees, suppliers, and other stakeholders, as well as about its own business processes. This information must be stored securely at all times, but also be available. Due to the 24-hour economy, ongoing digitization, and increasingly strict regulations, maximum information security is more necessary than ever.

The essence of information security lies in consciously managing confidential information. Technology plays an important role, but employee awareness and clear agreements about availability and responsibility are just as essential. DEKRA Audit offers all the expertise needed to demonstrate that your management systems and processes are secure and reliable. We will work with you to determine which certification is most suitable for you.
Important certifications for information security

CCV pentesting quality mark

With the CCV pentesting quality mark you demonstrate that your organization works professionally and safely. In order to obtain this quality mark, you must, among other things, show that you have qualified employees who carry out the test in a professional manner.

ISAE 3402 / 3000

An ISAE 3402 or 3000 assurance statement helps service organizations with information security in outsourcing. It demonstrates that you have set up sufficient control in relation to your IT security and privacy measures.

ISO 27001 certification

Demonstrate that information security is a high priority within your organization with the ISO/IEC 27001 certification.

ISO 27001 training

DEKRA's ISO 27001 training helps you to understand the ISO 27001 standard. You learn to take concrete measures to secure digital systems and information within your company.

ISO 27017 certification

ISO 27017 provides guidelines to improve the security of cloud environments, both for service providers and their customers.

ISO 27018 certification

ISO 27018 is an international standard that focuses on the protection of personal data in cloud services.

ISO 27701 certification

With an ISO 27701 certificate, your organization demonstrates control over privacy requirements when processing (personal) data.

NEN 7510 certification

NEN 7510 certification provides guidelines for secure information management within healthcare institutions. As of December 16, 2024, NEN 7510-1:2024 has been amended.

NIS2 directive

The NIS2 directive applies to more sectors and sets stricter security standards and incident reporting requirements. As a cybersecurity expert, DEKRA offers certifications to demonstrate NIS2 compliance.

Your partner in information security

DEKRA's experienced auditors can assess and certify the processes within your organization in various areas. In addition to information security, we also conduct audits in the areas of occupational safety, quality, healthcare, and sustainability. We can also assess specific issues within your organization by means of a customized audit.

Information security: The auditing process

During an audit, the auditor will objectively check whether the organization complies with the information security requirements described in the relevant standard.
The exact course of the audit varies per standard, because each standard describes different requirements and regulations. However, in broad terms, most information security audits proceed as follows:
In the first phase of the information security audit, the auditor analyzes the documents related to the processes and/or working methods that form part of the certificate. The auditor verifies the presence and completeness of all mandatory documentation. The organization collects these documents during an internal audit and submits them to the auditor. When the auditor believes that the organization is ready for the next phase of the external audit, he or she begins the second phase.
Information security scan
Before requesting an external audit for the information security standard, it is wise to first perform a scan. This will allow you to assess your organization's information security.
In preparation, DEKRA can conduct a trial audit of the current policy and/or measures already implemented. Please note: this trial audit is not part of the certification process.
The trial audit provides insight into the current level of your information security. This allows you to focus on areas for improvement in order to meet the requirements of the standard.
During the second phase of the information security audit, the auditor conducts an on-site investigation. The auditor checks whether the described processes and working methods are being correctly applied in practice. This includes conducting interviews and observing the responsible persons within the organization.
If the audit shows that the organization meets all the requirements described in the certification scheme, it will receive the corresponding certificate.
All DEKRA certificates are published in our certificate database.
To ensure that the organization continues to meet the requirements of the relevant standard, the audit is repeated annually.
Recertification takes place after three years. Your organization will go through the entire certification process again. This allows the organization to demonstrate that it still meets the latest requirements associated with the relevant standard.
Why certify information security through DEKRA?
Your partner for a safe world

Safety is central to everything we do. With more than 50,000 employees worldwide, we work every day to create a safer living environment.

Experienced and knowledgeable auditors

Our auditors have years of experience in the field of information security. We know how to make the applicable standards verifiable and assess them.

Independent reviews

Our professional assessments objectively evaluate your organization against information security standards.

Innovation as a priority

We work together with standards committees and industry organizations to continuously improve standards and our own services.

People-Based Auditing
DEKRA auditors not only assess standards, but also attach importance to the people who work with these standards on a daily basis. After all, it is people themselves who determine how processes, systems, and working methods are implemented. That is why DEKRA experts always pay close attention to the human aspects during audits. We call this approach People Based Auditing. People Based Auditing is an integral part of our audits.
