ISO 27001

  • 2020 ffiqs ISO 27001 certified. PNO HR and PNO IT/ICT departments provide internal services to ffiqs.
  • 2021 Nehem ISO 9001 / 27001 based on internal HR / IT services.
  • 2022 EGEN ISO 9001 / 27001 based on internal HR / IT services.
  • 2022 INNEN (InnovationEngineering) part of PNO group ISO 9001 / 27001.
  • 2022 CiaoTech S.l.r. ISO 9001 certified.

ISO certification is often a crucial issue in the client’s procurement policies. ISO 27001 and GDPR both concern the governance and handling of (personal) data. The main topics are availability, security, and integrity.

Integrity is about whether the information is up to date and correct. Backup management is certainly an issue here. The ISO 27001 certification of ffiqs entails certification of the PNO HR and PNO IT/ICT departments.

Security concerns issues like storing, sending and receiving information. A good practice is to use FileCap to protect email attachments. Within PNO, client dossiers are stored on SharePoint, which is managed by IT Enschede, the Netherlands / the Service Desk.

Availability has to do with information access by staff, users and Data Subjects. The GDPR demands limited and controlled access to Personal Data. When the period of consent is over, availability must be zero.

A data breach must be reported to the PNO Service Desk by mail (ServiceDesk@pnoconsultants.com) within 24 hours, with a copy to the DPO (use gdpr@pnoconsultants.com). PNO uses the DPA's form for registering a data breach. This process must be finished within 72 hours after the breach is knowable. See https://datalekken.autoriteitpersoonsgegevens.nl. When a device (phone, laptop, etc.) is stolen, an official police report must be handed in at the Service Desk.