SURFaudit

Audit your information security and privacy

Has your institution organised the security and continuity of its company data, and the privacy of its users? Have your business partners done so? With SURFaudit you can tell what to do for a minimum level of security and privacy. Compare the audit results of various departments or institutions and see where your institution stands.

Assess your information security with a standards framework

Using SURFaudit, you can perform an information security assessment at any time, either for the entire organisation or for divisions. SURFaudit provides standards and baselines setting out the minimum requirements for ensuring the security and continuity of business data and the privacy of students and staff. The framework is the basis of SURFaudit’s self-assessment system. In addition, you can request a peer review at your own institution, carried out by specialists from other institutions, giving you an external assessment of information security in your organisation. Periodically, a sector-wide benchmark enables you to compare the state of your information security against other institutions. The SCIPR community provides a platform for exchanging experiences with SURFaudit and measures taken by various institutions.

Improving information security

SURFaudit gives you a clear idea of how well your institution has information security under control, and what the priorities should be for improvements. SURFaudit benchmarks are regularly carried out to show the state of the sector and how institutions are performing in relation to each other. You can use the results of a SURFaudit as evidence for supervisory bodies or accountants.

Available for all institutions

SURFaudit is available for all institutions connected to SURFnet. The assessments can be applied to the institution as a whole, or to a department. For carrying out assessments SURFnet provides the Smile platform. Several standards are included in the tool.

SURFaudit ambition

SURFaudit's ambition is to be the only security and privacy audit for education institutions. A regular SURFaudit assessment pre-empts other audits and can be used for the the financial statement audit. An institution can use SURFaudit to demonstrate that they are a reliable partner that handles company and personal data with care.

More information

This is an optional SURFnet service.

Latest modifications 19 Feb 2018