03 November 2022
Big advantage for SMEs
Two years after the official opening, Cyber Resilience Center Brainport (CWB) is starting to certify its members. This allows participants of the foundation to demonstrate the state of the information security of their company. This is independently tested by TÜV Nederland. Both parties have the ambition to further develop CYRA into a national standard that is also open to sectors other than the high-tech & manufacturing industry.
ISO 27001 is currently the international standard for information security. “For many companies, this standard is not necessary or not feasible”, explains innovation manager Vincent Schijven of TÜV Netherlands. With input from cybersecurity professionals and the CWB, a model has therefore been developed that focuses entirely on concrete measures that contribute to both information security and privacy.
There are three certificates: Basic, Intermediate and Advanced. To be eligible for this, one must meet measures in the field of organisation, technology, personnel, privacy and physical security. The way they are performed determines the maturity level. This has three gradations: ad hoc (inconsistent), best effort (consistent and structured) or defined (formal and structured). Together they provide insight into the cyber resilience of an organization and also tools to achieve a higher level.
TÜV Netherlands has developed an online application especially fort he assessment and audit, which can be used to determine the cyber resilience level of an organization based on questions and statements. This application becomes available to CWB participants after registration.
CWB director Paul van Nunen: “Improving cyber resilience is the aim of the CWB. To this end, participants work together, warn each other about vulnerabilities and we organize knowledge sessions. CYRA goes one step further. Because now all entrepreneurs in the chains of the high-tech & manufacturing industry can find out via the foundation what needs to be done to be truly cyber-resilient. They may consider the measures for the basic certificate as minimum requirements for a secure organization. So it creates trust if a supplier can show a certificate and that saves purchasing departments work.”