Your data is guaranteed to be safe
Covid Test Center Amstelland B.V. considers it very important that we handle your and our data carefully, safely and reliably. We work according to the standards described in the NEN7510 (https://www.nen.nl/en/certificatie-en-keurmerken-nen-7510). This standard describes how you as an organization can set up your processes to protect company and personal data. Our information security policy is laid down in various policy documents. We will gladly send you a copy on request. We have included a summary for you on this page.
The information security policy in a nutshell:
- Information security is managed at board level.
- We have established a clear internal organization governance framework for the implementation and execution of information security.
- We have clear agreements about the use of mobile equipment and teleworking.
- We screen our employees before employment, and we have laid down the way in which they should handle information in the terms of employment.
- We periodically provide training and awareness regarding information security during employment.
- At the end of an employment relationship, we ensure in a controlled manner that all access to company resources and information systems is removed.
- All company resources made available to employees are registered and their use is subject to rules.
- All data we create, store or have access to is classified. An appropriate level of protection has been applied on the basis of that classification.
- Veltwerk has drawn up requirements and policies to limit access to information and information processing facilities.
- We use personal attributed accounts and employees only have access to the data that is necessary. Employee activity is tracked (logging) and access rights are reviewed periodically.
- All systems are equipped with Multiple Authentication (MFA)
- All data on mobile devices is stored encrypted.
- All data is protected against loss, damage and theft.
- Appropriate measures have been taken to protect the data against viruses and malware.
- Events and activities are recorded in order to be able to conduct research in the unlikely event that this is necessary.
- We have established rules that the software and suppliers that we use to do our work must comply with.
- We periodically check our own systems and customer systems for vulnerabilities.
- We have taken measures to secure our data communication.
- We have established a policy regarding the development of new products and software.
- We periodically assess our suppliers in terms of information security.
- We have clear procedures on how to deal with information security incidents
- We assess information security risks in a structured and periodic manner and take countermeasures.
- We check the relevant legislation and regulations in a structured and periodic way.
- We have our policy reviewed by independent external parties in a structured and periodic manner