CBS is certified for quality, information security and privacy protection
CBS is responsible for compiling official statistics and publishing the results. A prerequisite of this task is that the quality of this statistical information is guaranteed. As the basis for its statistics, CBS collects a large amount of data about persons, households, companies and institutes.
All the relevant parties need to be absolutely sure that their data is in safe hands. CBS has therefore set up a management system for quality, information security and privacy protection, based on the highest international standards. CBS is seeking to continuously improve and safeguard the quality of its products and services. Therefore CBS is aiming to obtain certification for its products and services.
Product and service quality
With the implementation of the quality management system, CBS and the statistical processes comply with an internationally recognised quality standard.
Since 2019, DNV GL has annually determined that the quality management system of the entire CBS organisation complies with the international standard in this field: ISO 9001: 2015.
Information security is aimed at safeguarding the availability, integrity and confidentiality of source data, information systems and statistics. ISO 27001 is one of the mandatory standards for the Dutch government. The standard contains requirements for the information security management system and indicates in which areas security measures are to be taken.
In an EU context, CBS implements the ESS IT security framework, which is derived from ISO 27001. As part of the Dutch public sector, CBS implements the Government information security baseline (BIO 2017). This is a tactical set of standards which is also derived from ISO 27001.
Since 2017, the entire CBS organisation has been certified for ISO 27001:2013. By combining ISO 27001 certification and the Privacy Audit Proof certificates, CBS is also able to demonstrate compliance with the requirements of BIO. In addition, CBS is certified for the ESS IT security framework.
Privacy protection encompasses the set of measures that ensures adequate protection of personal and company data. A large part of these measures relate to data security and therefore overlap with the requirements for information security. Privacy protection is largely based on the General Data Protection Regulation (GDPR, in Dutch: AVG).
Since 2015, privacy audits have been carried out at CBS. These are conducted by an external auditor. Information security aspects also come up for discussion during privacy audits.
The Privacy Audit Proof mark in accordance with the Privacy Control Framework of NOREA, awarded by Duijnborgh Audit to CBS.