Grexx has again passed its ISO 27001 and NEN 7510 certifications!
Great news! After an intensive audit, we have yet again passed the recertifications for ISO 27001 and NEN 7510.
Grexx has been continuously certified for ISO 27001 and NEN 7510 since 2017. Certification is crucial because information security is an important part of our compliance program. At Grexx, we apply three standards:
• ISO 27001 is the international standard for information security and data protection. This management system gives our users assurance that Grexx has information security in good order and complies with all relevant laws and regulations.
• NEN 7510 is the Dutch standard for information security in healthcare. Thus, healthcare institutions can be confident that Grexx meets all the requirements around accessing, processing, and storing medical data.
• We also have an ISAE 3402 assurance statement prepared annually. As a control framework (management objectives and measures), we use the SOC 2 Trust Service Criteria.
These three standards, together with the General Data Protection Regulation (GDPR), are central to our compliance program and give our customers confidence when entrusting their data to Grexx Platform.
Everything under control with GRC-Boxx
We manage our compliance using our own management environment, GRC-Boxx, our tool for Governance, Risk management, and Compliance, which of course runs on Grexx Platform.
GRC-Boxx helps clients optimize processes at their own pace and in their own way. It treats governance, risk management, compliance, and auditing as one continuous process. This is a necessary mindset: compliance is not a one-time task or something done solely for the purpose of an audit; rather, it should be implemented continuously, in line with business objectives.
Audits are, however, an important part of the process. Some features that come in handy during an audit:
• In GRC-Boxx, we link the requirements of standards frameworks with control measures and associated supporting documents and records.
• GRC-Boxx supports a PDCA (Plan-Do-Check-Act) cycle for continuous improvement, as well as a simpler periodic review cycle.
• GRC-Boxx supports both internal and external audits: findings, recommendations, and assessments are recorded. In case of a non-conformity, you can initiate corrective actions and monitor them until completion, after which you can re-audit.
Continuously compliant
GRC-Boxx functionality such as this helps us and other users to remain continuously compliant and to handle any irregularities that arise in an appropriate fashion. Wondering how GRC-Boxx could help your organization? Please contact us for a demo; one of our colleagues will be happy to tell you more about it.
Certification audits are an intensive process, and GRC-Boxx makes that process as easy as possible. At Grexx, we learn something new from every audit and incorporate those lessons directly into GRC-Boxx.