SURFsara obtains ISO 27001 certification for information security

Research data in safe hands

08 DEC 2016

On 2 December, SURFsara obtained ISO 27001 certification for information security. Purchasers of our services need to be confident that the research data and other confidential information stored and processed by SURFsara is in safe hands.

Protecting user data

This certification demonstrates that we meet the requirements of international standard ISO/IEC 27001:2013 in the field of information security. Certification to this standard demonstrates that we constantly work with information security in a structured way and that we do everything we can to protect user data. We identify risks systematically and implement technical and administrative measures to minimise risks and prevent security incidents. We monitor the latest developments in the field of information security closely and analyse the constantly changing threats in order to improve security measures. The suitability and effectiveness of actions are regularly reviewed and improved.

Detailed audit

Auditors from the certification body BSI performed a detailed audit of SURFsara. The standard states that an organisation must have embedded the approach to information security throughout the organisation and comply with eighteen requirements at operational, tactical and strategic level. BSI concluded that we have an effective Information Security Management System (ISMS) that is constantly reviewed and improved. SURFsara approaches information security as a learning organisation and the documents, procedures and measures are continuously improved.

More information

About security in education and research