SURFaudit - audit your information security and privacy
Assess your information security with a standards framework
Using SURFaudit, you can perform an assessment at any time of your information security, either for the entire organisation or for divisions. SURFaudit provides a standards framework setting out the minimum of what an institution should have in place to ensure the security and continuity of business data and the privacy of students and staff. This standards framework is the basis of SURFaudit’s self-assessment system. You can also have specialists from other institutions carry out a peer review at your own institution, giving you an external assessment of information security in your organisation. You can also participate in a periodic sector-wide benchmark. Experiences with SURFaudit and substantive measures in response to the framework of standards can be exchanged via the SCIPR community.
Improving information security
SURFaudit gives you a clear idea of how well your institution has information security under control, and what the priorities should be for improvements. SURFaudit benchmarks are regularly carried out to show the state of the sector and how institutions are performing in relation to each other. You can use the results of a SURFaudit as evidence for government authorities or accountants.
Available for all institutions
SURFaudit is available for all institutions connected to SURFnet. The assessments can be applied to the institution as a whole, or to a department. We advise to use COABLE for carrying out the assessments. You can purchase a licence for this software through SURFmarket.
SURFaudit's ambition is to be the only security and privacy audit for education institutions. SURFaudit renders other audits superfluous and ties in with the audits within the framework of the audit of financial statements. An institution can use SURFaudit to demonstrate that they are a reliable partner that handles company data and personal data with care.
This is an optional SURFnet service.