ISO 27001 in Belgian NIS2 context

What does this mean for your organization?

You have been certified by us for ISO 27001, or you are currently in the process of obtaining ISO 27001 certification. Are you aware of the possibility of using this certification within the Belgian NIS2 context? 

This page presents the latest information from the Centre for Cybersecurity Belgium on the conditions that an ISO 27001 certification must meet in this context.

Scope

The scope of the Information Security Management System should cover the entire organization. Limitation of the scope is only possible if IT and OT environments are demonstrably physically or technically separated and any exclusions:

  • are clearly documented;
  • do not affect the risks of the environment that falls within scope;
  • are explicitly defined.

Statement of Applicability (SoA)

The Statement of Applicability must show that your organization implements cybersecurity measures that are demonstrably equivalent to the measures of the CyFun® assurance levels Basic, Important or Essential.

The applicable assurance level is determined on the basis of your organization’s risk analysis, using the CyFun® Selection Tool. The level established in this way is decisive for the assessment within the ISO 27001 certification process.

Next steps

If you are interested, please take the steps below.

  1. Confirmation of scope
    Determine whether the scope of the certification meets the conditions, including the justification of any exclusions.
  2. Statement of Applicability (SoA)
    Assess the SoA against the applicable CyFun® measures. Evaluate which CyFun® assurance level has been determined by the risk analysis, and whether the SoA shows that the measures implemented by your organization are demonstrably equivalent to the requirements of this level.
  3. Audit and assessment
    To confirm that your ISO 27001 certification aligns with the Belgian NIS2 context, we perform a special audit. During this audit, we verify that the necessary adjustments have been effectively implemented within your Information Security Management System. If not all employees, activities and locations fall within the current scope yet, this special audit can be combined directly with an extension of the scope of your certification.
  4. Outcome and confirmation
    After successful completion of the process, your ISO 27001 certification will be updated and demonstrably usable within the Belgian NIS2 context.

What does this mean for your organization?

Would you like to know what this means in practice for your organization and how your ISO 27001 certification can be used within the Belgian NIS2 context?

Plan a meeting
