Information security in 2024 is more important than ever before. From identity documents and CVs to competition-sensitive information: a VMS is full of data that hackers are eager to get their hands on. Nétive VMS has been re-certified for ISO27001, the international standard for information security. Mike van der Wal, Chief Information Security Officer, explains why this is so important.
Security is key in everything we do
‘Our VMS Suite is used by several large clients for their hiring process. And several partners use the system for their services. All kinds of documents are uploaded into such a system. These contain personal data and competition-sensitive information. For example, personal data of applicants, information about the hours they write and data about the rates at which people are hired.’
That puts a big responsibility on Nétive VMS. To secure that data as well as possible and to prevent anyone from gaining unauthorised access. ‘According to the GDPR, you are obliged to take certain measures around security anyway. That’s the legal framework,’ Van der Wal points out. ‘But regardless of the law; Nétive VMS’s vision of information security is Secure by Design. This means that we focus on ensuring that data security is not a capstone of our operations, but the starting point for everything we do.’
Nétive VMS’ mission statement reads ‘We want to connect every player in the job market effectively, sustainably and securely,’ explains Van der Wal: ‘We see information security not as a one-off project, but as an ongoing foundation in all our business activities. The fact that we are now re-certified to the new and stricter ISO standards is also great news from that point of view. We see it as a confirmation that we really do translate our mission into practice.’
In the eight years Mike van der Wal has worked at Nétive VMS, he has seen the importance of information security increase. ‘Nowadays you have the GDPR, higher fines and tighter controls. In addition, hackers are becoming more and more professional.’
Six years ago, Nétive VMS certified itself for the ISO27001 standard for the first time. Three years ago, after an extensive audit, that certification was renewed and in 2023 it was renewed again with tightened criteria. ‘That certificate indicates that our security is at a mature level. Every year, an external auditor checks our security measures based on random samples and once every three years everything is examined.’
The VMS system itself is not certified, it’s the organisation. ‘How do employees deal with information security risks? As a company, do we have a proper onboarding procedure? Are employees trained on information security? And it involves technical matters such as network security, penetration testing and application of encryption to data.’
Improving every day
The audit includes interviewing company employees to see if they know the processes. Mike van der Wal: ‘Such an auditor is then here for five days. Apart from those audits, we obviously try to improve the systems and tighten the processes every day. Is there a hacking attempt? Then we look at what the hackers tried and whether we can take additional measures.’
Even if you have your processes in perfect order, security starts with the human element. Most incidents arise from human error. For instance, someone might share their password, use the same password for every system, or accidentally click on a phishing link. Information security begins and ends with the human factor.
Van der Wal: ‘We provide new employees with a security training on their first day of work. Additionally, we conduct a monthly security awareness training. We teach our employees to consider information security from the very beginning of everything they do. When collaborating with a client, make agreements at the outset on how to securely exchange information. And when a developer designs and develops a new application, they must already think about how to make the code secure. As mentioned, we adhere to Security by Design. Safety first, and that’s a guarantee we provide to everyone working with Nétive VMS.’
The certification has been conducted by DEKRA, one of the largest testing and certification bodies in the world. DEKRA possesses extensive expertise in auditing and certifying management systems in the areas of quality, safety, sustainability, and information security.