Today, Marco Bijl, director of the auditor DigiTrust, presented the NIS2 Quality Mark certificate to Juri van Tuijl of Spatial Insight. NIS2 is the new standard that European member states must implement to make society resilient against digital attacks. In the Netherlands, the issuance of the certificates is managed by the foundation Kwaliteits Innovatie.
Peter Noordhoek, director of NIS2 Quality Mark: “It’s great that Spatial Insight has achieved their NIS2 QM10 certification and to be the first to do so! We started this initiative because it is very important that smaller companies also have their basic security in order, and this company has literally taken the first step on the ladder. The way this was done is inspiring for the whole initiative.”
Juri van Tuijl: “We all see around us how important it is to protect ourselves against malicious individuals and states. We have always handled the data we work with very carefully, and we are a small company, but when we heard that our customers will be required to comply with the NIS2 standard, we decided to define and implement more formal procedures. We used the templates and overviews from Samen Digitaal Veilig to do this, which was very helpful. We found that we could still do things better, and our entire team has become more aware of the risks that exist and how we can manage them.”
Marco Bijl responds: “During the audit, we went through the NIS2 requirements one by one and looked closely at the context of Spatial Insight and the choices they made in this regard. Ultimately, we were able to successfully complete the audit, which led to certification against the NIS2 Quality Mark.”
NIS, Network and Information Security Directive, is a European framework directive aimed at improving cybersecurity in the member states of the European Union. In 2022, NIS2 replaced the original NIS directive from 2016. The standard for network and information security was expanded to a wider range of sectors and services. The NIS2 directive describes improved cooperation between member states, stricter security requirements for companies and essential services, and an extended way of reporting cyber incidents. European member states are now in the process of converting the framework directive into national legislation.