SURFaudit - audit your information security and privacy

Have you organised appropriate protection to ensure the security and continuity of your company data, and the privacy of your users? Have your business partners done so? SURFaudit will tell you what you need to do for a minimum level of security and privacy. Compare the audit results of different departments or institutions and see where you stand.

Assess your information security with a standards framework

Using SURFaudit, you can perform an assessment at any time of your information security, either for the entire organisation or for divisions. SURFaudit provides a standards framework setting out the minimum of what an institution should have in place to ensure the security and continuity of business data and the privacy of students and staff. This standards framework is the basis of SURFaudit’s self-assessment system. You can also have specialists from other institutions carry out a peer review at your own institution, giving you an external assessment of information security in your organisation. You can also participate in a periodic sector-wide benchmark.  Experiences with SURFaudit and substantive measures in response to the framework of standards can be exchanged via the SCIPR community.

Improving information security

SURFaudit gives you a clear idea of how well your institution has information security under control, and what the priorities should be for improvements. SURFaudit benchmarks are regularly carried out to show the state of the sector and how institutions are performing in relation to each other. You can use the results of a SURFaudit as evidence for government authorities or accountants.

Available for all institutions

SURFaudit is available for all institutions connected to SURFnet. The assessments can be applied to the institution as a whole, or to a department. We advise to use COABLE  for carrying out the assessments. You can purchase a licence for this software through SURFmarket.

SURFaudit ambition

SURFaudit's ambition is to be the only security and privacy audit for education institutions. SURFaudit renders other audits superfluous and ties in with the audits within the framework of the audit of financial statements. An institution can use SURFaudit to demonstrate that they are a reliable partner that handles company data and personal data with care.

More information

This is an optional SURFnet service.

Contact us:

Bart Bosma

Technical product manager Trust & Security

  • +31-887873000
  • This email address is protected. Please activate JavaScript to view it.
Latest modifications 20 Jul 2017