To guarantee the quality and safety of our services, INISI is ISO and NEN certified in various areas. This means that we have systematically recorded how we have organised our processes and systems and that we adhere to the agreed working method.
To ensure that we maintain this high level of quality, we are assessed annually by an external auditor (DNV GL). In doing so, it is possible to give the auditors an extra area of attention.
IT projects are becoming increasingly complex. New technological developments follow each other faster and faster. The needs and requirements of end users are constantly changing. And many different parties are often involved in the realisation of a project. All this requires intensive cooperation and constant coordination. To do so, it is very important that work is done in a methodical way.
For us this was a reason to ask the auditors to critically question us this year about the focus area "Methodical working".
What did we do well:
- The structured way of working at Sales Support with standard templates and the use of a folder with a copy of the current orders;
- The use of fixed templates and checklists for the implementation, such as technical design and system management instructions;
- The professional approach to a technical design, with a high level of detail and risk identification, where the design is reviewed as standard;
- Applying a Work Breakdown Structure (WBS) at an early stage of the assignment;
- The proper structure of a project plan with elaboration and mitigation of risks and project planning;
- The good service reports from TOPdesk.
What could be better:
- To record information, make more use of existing systems (such as TOPdesk) instead of individual documents;
- Keep our ISMS more “lean and mean” so that it reflects the organisation better and we can use it more effectively;
- Pay even more attention to familiarity with procedures regarding implementation, documenting and project evaluation.
It is good to see that we have many things in order, and to see where we can (continuously) improve!
From NEN 7510:2011 to NEN 7510:2017
Information security is of high importance, certainly in the healthcare sector where medical and patient data are managed and exchanged. In addition to guaranteeing quality criteria, the NEN 7510 standard requires that information security measures are set up in a verifiable manner before one can speak of adequate information security.
The existing NEN 7510 standard has recently been revised. The new NEN 7510:2017 has become risk-based and in this way follows the working method that has been used in ISO 27001 since 2013. Therefore, INISI did not have to drastically adapt its working method to the new standard: based on a risk assessment, we chose which measures contribute to the reduction of risks, and we have implemented these measures.
INISI has the following Management System Certificates:
- ISO 9001:2015 (Quality)
- ISO 14001:2015 (Environment)
- ISO/IEC 27001:2013 (Information Security)
- NEN 7510:2017 (Information Security Healthcare)