Certified for information security

iWink is ISO 27001 certified.

ISO 27001 is the globally recognised standard for information security. In this way, an organisation demonstrates that they have made all risks transparent, have appropriate measures in place, and continuously test and improve this. An external, impartial, independent auditor checks whether this is really the case. 

Information security has always been one of the most important things at iWink. For more than 20 years we have kept hundreds of websites, intranets, web applications, apps and information screens safe online. The track record is impressive: no website has ever been abused that runs on our own software Kirra and hosting. In addition, with the ISO certification 27001, we independently demonstrate that we monitor safety in the right way and thus make a promise to continue this in the future. This applies to processes within iWink as an organisation and our platform. Offering this closed 1-2-3 of data security and taking responsibility is almost unique for an internet agency. Something you can never guarantee with the use of an open source CMS.

When it comes to our own ISO 27001 information security certification, we are very proud! Team Security can and will always elaborate on it, but what does this certification mean for you as a (potential) customer? To answer that, we have grouped the most frequently asked questions from customers about our ISO 27001 in this article.

As a customer, you don't have to do anything with it and you probably won't notice anything either. Your data is safe. If there is anything wrong Team Security will inform you.

As the Dutch saying goes: a safety incident is just like a real accident in a small corner. The following measures and protocols are implemented to minimise the risks:

• Presence of physical security to prevent; burglary, fire, sabotage, power failure, etc ..
• Presence of digital security to prevent; hackers and encryption.
• Applying access rights, this means; separate functions, different roles and grant access only if relevant, etc ..
• Adapted working method; processes aimed at securely sharing, processing and storing information.
• Train employees; all employees know the security policy, comply with it and report any risks.
• Team security; performs risk analysis, provides training and is the response team for incidents.
• Auditing & control; periodic external inspection, testing, etc ..

We also believe in the statement "prevention is better than cure". From this point of view, we take additional measures that are not mandatory, such as:

1. Screening staff; mandatory Declaration of Behavior and the application of the four eyes principle.
2. Deployment of pentesters; conducting penetration tests for "white hat" hackers and customers who (unexpectedly) test.
3. Active communication of hotlines; responsible disclosures and contact points internally and externally.
4. Dutch hosting; handling of data centers explicitly for Dutch parties.

Basically nothing has changed. For many years, large parties where data security is essential - such as Gasterra and Gasunie - have relied on our services, software and hosting. This knowledge and expertise has now been recognised and confirmed by the ISO certification.