SURFaudit benchmark: participate and see where you stand

Why participate in the SURFaudit benchmark?

There are many reasons to participate in the SURFaudit benchmark. The most important ones are:

1. Gain insight into the state of your information security and privacy protection
   How does your institution handle information security and privacy protection? Is it under control? And how do you compare to fellow institutions and to your and our ambition?
2. You contribute to the view of the entire education and research sector with respect to information security and privacy. That way we gain insight into trends and into our strong and weak points. We use that information to develop plans and initiate new joint projects to make the sector more resilient as a whole.

How does it work?

Each participating institution carries out the SURFaudit self-assessment. In the self-assessment you determine at which maturity level the controls are applied. Controls in the self-assessment method are grouped into the 6 clusters taken from the Standard for Information Security in Higher Education:

1. Policy and organisation
2. Staff, students and guests
3. Rooms and equipment
4. Continuity
5. Confidentiality and integrity
6. Monitoring and logging

This way we see which clusters need extra attention and which are in control for the sector as a whole.

Results of the benchmark

We process all scores entered by the participating institutions in a report that provides a sector-wide analysis of the results. We treat all scores confidentially and only share them with your own institution to show you where you stand compared to the sector as a whole.

• Rapport SURFaudit benchmark 2019 (PDF, in Dutch)
• Rapport SURFaudit benchmark 2021 (PDF, in Dutch)

More information and applying for SURFaudit

• You can find more information on our SURFaudit wiki (behind log in; in Dutch).
• For specific questions, please contact Abdul Altawekji via abdul.altawekji@surf.nl.