Policy

A well-constructed policy is the foundation of solid cybersecurity. It is important that the policy is tailored not only to the risks, but also to the way your company works. This ensures that processes and procedures actually serve their purpose and are applied accordingly.

Services

We have experience with various standard frameworks and activities related to policy. Feel free to contact us if you are looking for something specific that is not mentioned in the selection of our services described below.

ISO 27001

Having a (standard) framework in place allows you to centralize all documentation and to track and register administrative measures. ISO 27001 is one of the most commonly used standard frameworks for setting up an information security management system (ISMS). This framework is in high demand since it provides guidance for implementation, and the certification can be used to demonstrate that you have your information security in check.

We help our customers implement this framework within their organization in a way that is future-proof and easy to maintain.

Why choose PuraSec?

  • Efficient and effective thanks to extensive knowledge and experience with ISO 27001 (Expected implementation 3-4 months)
  • Future-proof implementation including knowledge transfer
  • Focus on preparation and guidance to successfully pass the audit

NEN 7510

NEN 7510 is the standard framework for care. Its structure is based on the ISO 27001 framework and is strengthened with a number of care-specific measures. It is critical that the security standards of healthcare organizations are implemented accurately and are easy to maintain. This is why the NEN 7510 certification is often mandatory in care.

This framework has a similar structure to the ISO 27001 with centralized documentation and checks that are easy to register. The NEN 7510 framework includes a guideline for implementation and certification that is intended to demonstrate that the organization meets the needed security standards.

Why choose PuraSec?

  • Efficient and effective thanks to extensive knowledge and experience with ISO 27001 (Expected implementation 3-4 months)
  • Future-proof implementation including knowledge transfer
  • Focus on preparation and guidance to successfully pass the audit

Security officer (flexible)

The security officer is an important link in monitoring and maintaining policy and measures. However, for many small and medium enterprises, it is not necessary or feasible to hire an (expensive) full-time employee with the required knowledge to fulfil this role.

This is where PuraSec’s security officers come in. They can be deployed and adapted to the needs of the organization, whether that is on call, for a fixed number of hours on location or completely remote (virtual security officer).

These security officers have the necessary knowledge and experience to set up an appropriate policy and to follow up on issues and incidents. Being approachable and motivated to involve all stakeholders in the matter, PuraSec’s security officers make sure all information is guarded in various areas.

Why choose PuraSec?

  • Efficient and effective whether that is on-site or remote
  • All activities are based on consultations with the customer
  • Single point of contact for all security issues
  • Specialized knowledge within PuraSec in the field of policy and technology

ISMS support

In addition to providing a security officer who has a broader role within the organization, PuraSec can provide advice on maintaining the ISMS. This means PuraSec will follow up the process with the established periodic steps, set up and maintain documentation based on input from the organization, and provide advice on the standard framework.

Just like the flexible security officer service, the ISMS support can be offered on call for a fixed number of hours, on location, or completely remote (virtual security officer).

Why choose PuraSec?

  • We offer flexible communication: on-site or remote
  • We have a practical approach, focused on targets
  • To unburden companies, we additionally offer "cybersecurity as a service" in which pen tests and awareness training are given annually.

We think it is important that the policy matches the business profile and maturity of the organization. Having a policy in check is not the end goal; it is just the beginning.

A well-constructed policy should be accessible and clear, so that it facilitates the end goal. We approach this by:

  • Pragmatic focus on the existing organization
  • Prioritizing knowledge-sharing and securing information
  • Creating a clear and understandable policy and standard frameworks
  • Using tools, where possible, to make processes even more transparent, accessible and controllable