At Johan.nl, data security and privacy have been central from the beginning. We have been ISO 27001 certified every year since our founding, and as of this year we are proud to add NEN 7510 certification. These certifications are not only recognition of our hard work, but also provide tangible benefits for our partners and our day-to-day operations. In this article, we provide an insight into how we handle information security, privacy and compliance.
Why are ISO 27001 and NEN 7510 important?
ISO 27001 is the international standard for information security. It ensures that companies have a robust management system to protect data from cyber threats, data breaches and internal risks. NEN 7510 goes a step further and focuses specifically on the healthcare sector. This standard places additional requirements on how health data is processed, stored and secured.
For our customers - ranging from health and safety services, PMO parties, consultancies to healthcare institutions - this means that their data is in safe hands. At a time when data breaches and cyberattacks are a daily risk, it is crucial to be able to rely on a software partner that takes security and privacy seriously.
What do these certifications mean for our day-to-day operations?
Our certifications are not a "paper tiger". They directly affect the way we work and how we set up our processes. On a daily basis, this means, among other things:
- Strict access control: Only authorized stakeholders have access to sensitive data, and this is carefully logged and monitored.
- Continuous monitoring and audits: We conduct regular internal and external audits to ensure that we meet standards.
- Controlled software development: With every code update, security and privacy are factored into the development cycle.
- Incident management and response: We have clear protocols in place to deal quickly with security incidents.
- Regular training: Our staff is continuously trained in the latest developments in privacy and security.
Roles and responsibilities within Johan.nl
To ensure that information security and privacy are structurally safeguarded, we have defined various roles and responsibilities within Johan.nl:
- Data Protection Officer (FG): This person oversees compliance with the AVG and monitors the processing of personal data within Johan.nl.
- Chief Information Security Officer (CISO): The CISO, together with management, is responsible for the strategic information security policy and ensures that all technical and organizational measures are up-to-date.
- Privacy Officer: Works closely with the FG and CISO and reviews new developments and technologies for potential privacy risks.
- Management Team: Bears ultimate responsibility for information security and privacy, setting strategic frameworks and providing the necessary resources to remain compliant.
- Developers and IT specialists: Implement Privacy by Design and Security by Design in all software developments and ensure secure infrastructure.
- Compliance and audit team: Conducts periodic audits to ensure that all processes and systems continue to meet ISO 27001 and NEN 7510 standards.
Privacy by Design: privacy as the foundation
One of the core principles within Johan.nl is Privacy by Design. This means that when developing new functionalities, privacy is taken into account from the first design phase. We always take a Privacy First approach, looking critically at how and why data is processed and whether less privacy-sensitive alternatives are possible. At the same time, we work on solutions that let our partners pursue their business opportunities and achieve maximum results in a secure manner.
To support this, we have a Privacy Officer, who oversees compliance with legislation such as the AVG and our internal policies. In addition, new technologies are always assessed for their impact on privacy and data protection.
Privacy as a pillar of our success!
Since the introduction of the AVG (General Data Protection Regulation), privacy has become an increasingly important part of digital services. Johan.nl has not seen these regulations as a burden, but as an opportunity. By investing in software automation and data management in accordance with the AVG, we have built a system in which customers are not only compliant, but can also work more efficiently and take advantage of opportunities.
Thanks to our certifications and strong focus on privacy and security, our customers are not only unburdened, but can also rely on a reliable and future-proof software solution. At Johan.nl, we continue to evolve to maintain the highest standards and ensure a secure digital environment for everyone working with our platform!
Do you have questions about our certifications or privacy policy? If so, please contact us.