Audit your information security and privacy
Assess your information security with a standards framework
Using SURFaudit, you can perform an information security assessment at any time, either for the entire organisation or for divisions. SURFaudit provides standards and baselines setting out the minimum requirements for ensuring the security and continuity of business data and the privacy of students and staff. The framework is the basis of SURFaudit’s self-assessment system. In addition, you can request a peer review at your own institution, carried out by specialists from other institutions, giving you an external assessment of information security in your organisation. Periodically, a sector-wide benchmark enables you to compare the state of your information security against other institutions. The SCIPR community provides a platform for exchanging experiences with SURFaudit and measures taken by various institutions.
Improving information security
SURFaudit gives you a clear idea of how well your institution has information security under control, and what the priorities should be for improvements. SURFaudit benchmarks are regularly carried out to show the state of the sector and how institutions are performing in relation to each other. You can use the results of a SURFaudit as evidence for supervisory bodies or accountants.
Available for all institutions
SURFaudit is available for all institutions connected to SURFnet. The assessments can be applied to the institution as a whole, or to a department. For carrying out assessments SURFnet provides the Smile platform. Several standards are included in the tool.
SURFaudit's ambition is to be the only security and privacy audit for education institutions. A regular SURFaudit assessment pre-empts other audits and can be used for the the financial statement audit. An institution can use SURFaudit to demonstrate that they are a reliable partner that handles company and personal data with care.
This is an optional SURFnet service.