ISO 27001

In 2020 ffiqs was ISO 27001 certified. The HR and IT/ICT departments provide internal services to ffiqs. ISO certification is often a crucial requirement in clients' procurement policies. ISO 27001 and the GDPR both concern the governance of (personal) data. The main topics are availability, security and integrity.

Integrity is about whether the information is up-to-date and correct. Back-up management is certainly relevant here. The ISO 27001 certification of ffiqs entails certification of the PNO HR and PNO IT/ICT departments.

Security concerns issues such as storage and the sending and receiving of information. A good practice is to use FileCap to protect email attachments. Within PNO, client dossiers are stored on SharePoint, which is managed by IT in Enschede, the Netherlands (the Service Desk).

Availability concerns access to information by staff, users and Data Subjects. The GDPR demands limited and controlled access to Personal Data. When the consent period has ended, availability must be zero.

A Data Breach must be reported within 24 hours to the PNO Service Desk by e-mail (ServiceDeskno@pnoconsultants.com is not the address; use ServiceDesk@pnoconsultants.com), with a copy to the DPO (gdpr@pnoconsultants.com). PNO uses the DPA's form for registering a Data Breach. This process must be completed within 72 hours after the breach becomes known. See https://datalekken.autoriteitpersoonsgegevens.nl/melding/aanmaken?1. When a device (phone, laptop, etc.) is stolen, an official police report must be handed in at the Service Desk.