CCS Compliance
Program

Our software solutions for the insurance industry are continuously reviewed by independent experts. We ensure that we adhere to the highest standards of security, privacy, and compliance, and we obtain recognized certifications and detailed audit reports to guarantee the quality and reliability of our services.

ISO 27001
ISAE 3402 type 2
DORA
Our Approach

Information Security, Privacy, and Compliance

To support our clients in their operations and comply with laws and regulations (such as the GDPR), we have evaluated our services against frameworks and regulations set by DNB (Dutch National Bank) and NBA Norea (the Dutch Institute of Registered Accountants).

Based on the frameworks we follow as an organization and our role as a supply chain partner in the insurance industry, we are continuously developing and enhancing our expertise in information security, privacy, and compliance.

Up-to-date

Continuous Training and Learning

In a world where security and privacy are becoming increasingly critical, we continuously keep our CCS colleagues informed about the latest developments. Information security is regularly discussed as a standard topic during client meetings. When there are changes in a client’s information security measures, we assess how our processes align with these changes and adjust them if necessary.

CCS is ISO 27001 certified
Certification

ISO 27001

ISO/IEC 27001:2013 is a standard for information security management that specifies best practices for security management and comprehensive security controls according to the ISO/IEC 27002 guidelines for best practices. The foundation of this certification is the development and implementation of a rigorous security program, including the creation and execution of an Information Security Management System (ISMS).

CCS complies with ISAE 3402 type 2
Declaration

ISAE 3402 type 2

The ISAE 3402 report pertains to the financial world and aims to demonstrate that outsourced processes are adequately managed.

Additionally, ISAE 3402 reports are increasingly required by auditors of user organizations. The auditor reviewing the financial statements of the user organization will need to examine the processes outsourced by this organization. Processes performed by a service organization often impact the financial and operational processes that affect the user organization’s financial statements. If a service organization has an ISAE 3402 report, it is not necessary for the user organization’s auditor to review these processes, as they have already been examined by another external auditor, known as the service auditor.

CCS is working toward DORA compliance
Legislation

DORA

CCS is determined to be fully compliant with the new DORA (Digital Operational Resilience Act) legislation by the time it comes into effect on January 17, 2025. To achieve this, we are conducting a thorough gap analysis, developing a detailed improvement plan, forming a dedicated virtual team, and engaging external expertise. This proactive approach ensures that our products and services meet the highest standards of operational resilience and compliance. It enables us to continue providing our customers with reliable and secure services while adhering to the new regulations.

Contact CCS
Contact

Questions about compliance? We are happy to help.