The ISO 27001 standard describes a process-based approach for establishing, implementing, executing, monitoring, maintaining and improving information security, based on an Information Security Management System. Specifically for the healthcare sector, a process-based approach has been described in the NEN 7510 standard.
With both ISO 27001 and NEN 7510 certifications, organizations demonstrate to their clients that they have the information process under control and process client data in a secure way.
To obtain ISO 27001 or NEN 7510 certifications, organizations must be able to demonstrate adequate security of their applications and underlying systems. Web Security Scan offers organizations support before, during or after the certification process with an ISO 27001/NEN 7510 penetration test, consisting of extensive research on the security of IT systems and networks.
Penetration Testing for ISO 27001/NEN 7510 Certifications
One component of obtaining an ISO 27001 or NEN 7510 certification is the execution of a penetration test. The test maps out the current state of security and shows where it needs to be improved. The report enables the organization to demonstrate to the auditor that the necessary precautions have been taken to protect sensitive information against unauthorized access and processing.
Request a quote now for an ISO 27001/NEN 7510 pentest, view our pricing model or contact us for more information.
Already ISO 27001 or NEN 7510 certified, why still perform a pentest?
Your organization is already ISO 27001 and/or NEN 7510 certified and has designed an Information Security Management System (ISMS) to control information security. As part of the Plan-Do-Check-Act cycle, an internal audit or a risk analysis must be carried out in order to improve as an organization. By means of a (periodic) pentest, the organization gains insight into the potential risks and input for implementing improvements in the ISMS. This way, the organization is able to protect itself against external attacks and can adjust in a timely manner for vulnerabilities and security risks.
When do you perform a pentest as part of your Information Security Management System (ISMS)?
- A penetration test contributes significantly to your ISMS project as part of the risk analysis process. Vulnerabilities in web applications, internal systems and applications are exposed and related to identifiable threats.
- As part of the risk treatment plan that allows you to ensure that all implemented measures work as they are supposed to.
- As part of the continuing improvement of processes, to ensure that measures are functioning properly, and that new and emerging threats and vulnerabilities are identified and corrected.