It all sounds very big and important, a certification like this; and it is. But what does it mean in practice? Why is it sensible for a customer to cooperate with an organisation who holds an ISO 27001 certificate? What is being done to information security in the daily practice? For I-FourC the protection of privacy-sensitive data is much more than just a paper certificate…

ISO 27001 is the international standard for information security. Closely related to this is the NEN 7501 standard. This is the same certification as ISO 27001, but for healthcare. I-FourC possesses both certificates and this is woven into all of their business processes.

No yearly moment of stress

An external organisation visits our company once a year to check if we still live up to the demands of ISO 27001. In most other cases, the organisation is a total chaos in the month before the auditor visits because they need to get everything in order. When the auditor has paid a visit, everything goes back to how it was. After eleven months, the yearly stress moment begins again. At I-FourC we do this differently: an internal audit team performs internal audits the whole year through. Employees of I-FourC test their colleagues, announced as well as unannounced, on the procedures which are of importance to ISO. This works great!


It is one thing to have all the procedures, but to live up to them is another. The auditor always asks for a burden of proof. For example, when an employee states that a complaint has to be dealt with within 48 hours according to the procedure, the auditor will probably ask to prove this. You have an ISO 27001 certification for a reason; your organisation has to live up to it.

Awareness and improvements

Besides living up to the procedures, there are several other affairs which contribute to information security. The creation of awareness amongst employees is one of them. By holding interesting sessions, providing information and stressing the importance of information security during meetings, every employee, in every layer of the business will get involved in the process. No matter how well the processes are established, there is always room for improvement. For example, a recent change is that employees who work with privacy-sensitive information can’t use their phone in their workplace anymore. In this way we keep improving and we’re open to changes.

ISO 27001 is an essential part of I-FourC. In physical as well as in digital form we breathe information security. Not only during our yearly audit, but every day. So when you’re looking for a partner to process your privacy-sensitive data, choose smart. Choose ISO 27001.

Gemeente Venray Maasziekenhuis Pantein Reade GGD Twente

Stay up to date

This website uses cookies to give you the best experience. Read our privacy policy. Agree by clicking, scrolling or clicking on the 'Accept' button.