Products and Processes
















Guarding all doors

Organizational and technical management of information security


An angry ex-employee who releases millions of liters of sewer water into a nature reserve. A hacker who gets hold of customers' personal details. A terrorist who disrupts the electricity supplies for a whole city. Doom scenarios? Certainly, but they are easily imaginable. And real. KEMA helps companies to protect themselves from these sorts of unpleasant external influences. 

It’s impossible to imagine our society without IT systems. Everything is organized and controlled by computers. In a world that is increasingly dependent on information stored in electronic systems, its security is even more important. Because every computer that is physically connected to the Internet, whether by a wire or a wireless connection, can be a back door to critical data – and is therefore a potential risk. But there is good news: everything can be secured.

Physical security

‘Good information security begins with the physical security of the location where you manage the data,’ explains KEMA consultant and cyber security specialist Henk Spelt. ‘Is access to your server rooms secure? Can anyone who shouldn’t be there get in? Then there’s the organizational layer. Identify risks and decide whether you have to take action.’ KEMA certifies companies on the basis of the ISO 27001 information security management system. ‘It works according to the well-known Plan-Do-Check-Act principle,’ says Henk Keijzer, auditor at KEMA. ‘You start with a risk analysis. Where is information stored and how is it secured? Is it on a stand-alone PC, a connected system or is it on paper in an archive? And how big is the chance and the risk that certain information is made public? If the chance is very small, but the risk is very great, then you probably will want to take action. If the chance is great, but there is no risk, then you can ask yourself whether you should invest a lot in securing that part.’ ISO 27001 forces companies to make calculated choices and prevents them from making unnecessary investments. It can therefore be cost-saving.

‘In a world that’s increasingly dependent on data stored in electronic systems, security is vital.’

Getronics PinkRoccade is one of the companies that are certified by KEMA on the basis of ISO 27001. Security Manager Jan Verkerk: ‘For us, information security is something that has had a high priority for years. Traditionally, it’s always been that way because we manage a lot of information for government agencies. We were also asked by other customers if we could objectively demonstrate that we had properly secured their information in our systems. That is why we started on the certification process a few years ago.’

Technical security

If the building is secure and the organization is certified, there is yet a third security level. Spelt: ‘That’s the technical security. Because many IT systems are interconnected, you must close off access everywhere to the critical parts of the system. Sometimes this is an enormous task, which is often underestimated.’ Because sometimes Spelt still comes across back doors that are wide open. ‘Firewalls that have been badly configured, PCs with a critical function that have Internet access, or are connected to the outside world through an analog modem. These are very easily forgotten, but they are an easy target for hackers. Some companies even hire in hackers from time to time to help them find the weak spots. Better this than an unannounced guest getting into your system. There are cases known where it took weeks before they could lock a hacker out of the system.’

For more information, please contact us.








