Why is certification necessary?
CBS is responsible for compiling official statistics and publishing the results. A prerequisite of this task is that the quality of this statistical information is guaranteed. As the basis for its statistics, CBS collects a large amount of data about persons, households, companies and institutes.
All the relevant parties need to be absolutely sure that their data is in safe hands. CBS has therefore set up a management system for quality, information security and privacy protection, based on the highest international standards. CBS is seeking to continuously improve and safeguard the quality of its products and services. Therefore CBS is aiming to obtain certification for its products and services.
Product and service quality: ISO 9001:2015
With the implementation of ISO 9001:2015, CBS’s current quality management systems and statistical processes are being updated to comply with an internationally recognised quality standard.
At the beginning of 2019, the external auditor DNV GL established that the quality management system of the entire CBS complies with the international standard in this field: ISO 9001:2015.
Information security: ISO 27001:2015
The goal of information security is the safeguarding of the availability, integrity and confidentiality of the source data, information systems and statistics. ISO 27001 is one of the mandatory standards for the Dutch government. The standard contains requirements for the management system for information security, and states the areas for which security measures must be employed.
At European Union level, an IT security framework based on ISO 27001 is used. Within the Dutch government, the Civil Service Baseline Information Security (BIR 2017) is used. This is a tactical set of standards also based on ISO 27001.
CBS was certified for ISO 27001:2013 in 2017. With the combination of ISO 27001 certification and the Privacy Audit Proof certificates, CBS will also be able to demonstrate compliance with the requirements of the European IT security framework and the BIR.
Privacy protection: Privacy Audit Framework
Privacy protection encompasses all the measures that safeguard the proper protection of personal and company data. A large proportion of these measures relate to the security of the data and thereby overlap with the requirements for information security. Privacy protection is largely based on the Dutch Personal Data Protection Act and the European General Data Protection Regulation (GDPR).
Since 2015 there have been privacy audits at CBS, carried out by PWC, an external auditor. Information security aspects also come up for discussion during privacy audits.
The Privacy Audit Proof approval mark has been awarded by PWC to all statistical and supporting processes of CBS for 2018.