PRZOOM - /newswire/ -
Utrecht, Netherlands, 2007/11/27 - EvoSwitch, the Dutch carrier-neutral data center that operates climate-neutrally, has been certified by Prof. Dr. Ronald Paans from Noordbeek IT Audit in accordance with the ISO 27001 standard. The certification process took two months to complete.
Professor Paans: "Only about 4000 ISO 27001 certificates have been issued worldwide." For customers, this means that their information is secured within EvoSwitch in accordance with the most stringent standards, and that the company complies with relevant legislation and regulations, such as the Personal Data Protection Act of the Netherlands.
“ISO 27001 is the standard when it comes to the reliability and safety of IT processes in a data center,” says Professor Paans. “You know for certain that the integrity, confidentiality and availability of data have been ensured. I had already audited various data center organisations together with Professor Dries Neisingh, one of the main advocates of IT certification in the Netherlands, who has since retired. However, never before had I seen an organisation such as this one apply for ISO 27001 certification. EvoSwitch is growing rapidly and this is impressive to witness, but up until now I had only issued the ISO 27001 certificate to really large international groups with a few thousand employees. Some 50 certificates for ISO 27001 certification have been issued in the Netherlands, so EvoSwitch is leading the way in this respect.”
Interviews and logbook checks
“What we saw within EvoSwitch looked most professional,” says Paans. “By examining documentation, observing and conducting interviews, we established that everything tallies within EvoSwitch, in terms of documentation as well as compliance with procedures. The setup of their IT processes conforms to the market standard for data centers as far as security is concerned. Diesel generators have to be started once a month, for example. Logbook entries allow you to verify whether this is actually done. There also has to be an appropriate division of duties, and adequate supervision via specific inspections performed by a security officer and at the request of management. To name just a few points.”
Difficult ISO questions
Paans found it interesting to observe that the ISO review did not place any additional burden on the EvoSwitch organisation. “An ISO review can be a difficult process for organisations,” explains Paans. “Your procedures have to be correct. Hard questions can be posed. We noticed that our questions were not considered burdensome. It was evident that EvoSwitch had already defined its own goals for attaining the highest level of quality. The company actually only wanted to demonstrate to its customers that it delivers quality.”
ISO is a continuous process
ISO 27001 also includes the Code for Information Security. This is one of the most stringent standards for information security, a standard that the Dutch Central Bank (DNB) also imposes upon financial institutions such as banks and insurance companies. EvoSwitch will be audited every year to ensure it complies with all of the points in the strict standard. This implies that EvoSwitch will have to continuously monitor that the undertaken measures are complied with. “It keeps our organisation alert,” says Laurens Rosenthal, Innovation Director of EvoSwitch. “It provides customers with the certainty that their data will be stored safely in the future as well. Incidentally, we do not only give this guarantee by setting up our information security properly. We also focus on our organisational policy, organisational processes, and our personnel.”
About Noordbeek IT Audit
Noordbeek (noordbeek.com) is a Dutch organisation for IT Audit, founded by Prof. Dr. Ronald Paans, a registered EDP Auditor and a Professor at the Vrije Universiteit in Amsterdam. The organisation’s aim is to provide confidence and certainty in a wide area regarding the application and quality of IT within organisations. Noordbeek is involved in various ways in the Post Graduate IT Audit Education Programme at the Vrije Universiteit, the Dutch professional association NOREA and the Platform Informatiebeveiliging (Information Security Platform). It possesses state-of-the-art insights into the domain. Noordbeek not only makes this knowledge available while carrying out assignments within organisations, but also by presenting customised courses and training programmes.
EvoSwitch (evoswitch.com) is a carrier-neutral data center with a green character (CO2- neutral). It is a facility located in the Amsterdam region with a floor area of more than 9,000 square metres where companies can house their IT infrastructure in safety. The data center has a total capacity of 10 Megawatts, with a growth potential of 20 Megawatts. With this power capacity, EvoSwitch can guarantee customers that sufficient energy is always available. EvoSwitch has 30 employees, including engineers who manage customers’ equipment actively and proactively. EvoSwitch operates completely climate-neutrally. In cooperation with the Climate Neutral Group, the company is investing in global projects to restore the CO2 balance in the atmosphere. Companies that house their equipment within EvoSwitch can disclose on their websites that they use a climate-neutral data center, via the logos in the partner programme called The Green Fan.