Continuous improvement is something you do together: ISO 9001, 27001 and NEN 7510 recertification
We are proud to announce that we have received positive advice regarding three certifications within our organisation. This confirms our commitment to delivering quality and secure solutions to our customers.
We hold the certifications for:
- Information security in health care: NEN 7510-1:2017 + A1:2020
- Quality management system: ISO 9001:2015
- Information security: ISO/IEC 27001:2013
In a hybrid format (2 days on site, 1 day remote), two auditors were commissioned by DNV to visit our organisation. This time, Lead Auditor Paul Ten Holter took Leo Benschop with him and we went through the audit together in a relaxed, pleasant and constructive manner.
Several people from the team were interviewed, questions were asked and answered, and the changes and working methods were reviewed. Notes were made. Within our organisation, various systems and working methods have been adjusted, so this was an extra special opportunity for us to test how we are doing. The underlying aim has always been to stimulate continuous improvement within Four Digits: a combination of knowledge transfer, awareness-raising and keeping a critical eye on yourself.
A little bit of history
In 2009, we started working with ISO 9001:2008. ISO 9001 contains the criteria for a quality management system. This standard is based on a number of quality management principles, including a strong customer focus, the motivation and involvement of top management, the process approach and continuous improvement.
In 2015, we transitioned from ISO 9001:2008 to ISO 9001:2015, the updated version of ISO 9001. Then, in 2019, we added two certifications to this in the area of information security:
- ISO/IEC 27001 is an international standard for the management of information security. The standard was originally published jointly by the International Organization for Standardization and the International Electrotechnical Commission in 2005 and subsequently revised in 2013.
- NEN 7510 is the norm for information security in healthcare. Quality of service in the healthcare sector is of great importance. In addition to guaranteeing quality criteria, the NEN 7510 standard requires that information security measures be set up in a verifiable manner before one can speak of adequate information security.
The certification shows:
- How our team handles privacy-sensitive information.
- That we guarantee development and continuity of your data processing organisation.
- That our organisation handles (patient) data with confidentiality and integrity.
Why should we certify?
The certifications make us aware of what we are doing and are increasingly a (requested) standard in the industry in which we operate.
What data do we have to deal with and how do we make agreements about it?
- How confidential is this information?
- Why do we store the information?
- How do we secure the agreements we have made?
- Do we explain what we do? Do we do what we say? Can we prove it?
It encourages us to keep thinking about the quality and security of the software we create for our current and future clients.
Learn, improve, grow, repeat
Maintaining these certifications is a continuous process. We find continuous improvement a challenge. For that reason, we are once again looking at the suggestions from this external audit and how we can shape and implement them within Four Digits in a nice way. After all, you are never too old to learn!
Word of thanks
I would like to thank Paul Ten Holter and Leo Benschop for the once again pleasant way of auditing. Last but certainly not least, I would like to thank the entire Four Digits team for providing critical input and supporting the audit.