Decos is no stranger to complying with national, international and sector-specific standards and agreements.
For instance, we have long been certified according to the international ISO/IEC 27001:2017 standard, which is globally recognised in the field of information security. We also adhere to ISO 16175 (previously NEN 2082) governing archiving standards. In addition, we are familiar with the Dutch Government Information Security Baseline (BIO). The BIO describes the interpretation of the NEN-ISO/IEC 27001:2017 and NEN-ISO/IEC 27002:2017 standards for the government.
Our current ISO27001:2017 certificate and accompanying statement of applicability can be found here.
Another example of a standard that we follow is the 'comply or explain' obligation of the Netherlands Standardisation Forum. Not everything on this list applies to Decos, but generic items such as DNSSEC or the correct TLS version of course do.
We are also in the process of implementing the SOC2 category of the Service Organisation Controls (SOC) framework. A SOC2 audit measures the effectiveness of a Cloud Service Provider (CSP) based on the American Institute of Certified Public Accountants (AICPA) Trust Service Principles and Criteria. The process first results in a SOC2 type 1 report (design/existence) and, after a fixed agreed period (often 3, 6 or 12 months), a SOC2 type 2 report (operation).
Decos has an ISAE3000 - SOC2 type 1 report. This report can be requested via your account manager. A fee will be charged for this report. We expect the first SOC2 type 2 report at the beginning of Q3 2022.
For our products for which we offer a DigiD connection, we also meet the standard set by Logius. Decos is audited for this by an approved auditor associated with Norea. An up-to-date assurance report of this audit is available to our (future) DigiD customers.