CCS Compliance Program

Our software solution services in the insurance industry undergo regular independent audits concerning security, privacy, and compliance. These audits result in recognized certifications and audit reports based on standards (customer standards).

Our Approach

Our clients are supervised by the DNB and the AFM. In order to support our clients in their activities and to comply with laws and regulations (such as the GDPR), we have assessed our services against frameworks and regulations of the DNB and NBA Norea. Based on the frameworks set by our organization and our role as a chain partner in the insurance industry, we are continuously evolving and expanding our knowledge and expertise in information security, privacy, and compliance. In a changing world where security and privacy are becoming increasingly important, CCS colleagues are regularly briefed on the latest developments. Additionally, we have frequent client meetings where information security is a standard topic of discussion. If there is a change in information security at the client's end, we assess the extent to which CCS processes still comply and make necessary adjustments where needed.

ISO 27001

ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls, following the ISO/IEC 27002 best-practice guidelines. The foundation of this certification is the development and implementation of a rigorous security program, including an Information Security Management System (ISMS). Requests for a copy of the ISO certificate and the statement of applicability can be sent to


ISAE 3402

The ISAE 3402 report pertains to the financial world and aims to demonstrate that outsourcing processes are adequately managed. Furthermore, ISAE 3402 reports are increasingly required by accountants of user organizations. The accountant auditing the financial statements of the user organization will need to review processes that are outsourced by this organization. Processes performed by a service organization often impact financial and operational processes that affect the financial statements of the user organization. If a service organization has an ISAE 3402 report, it is not necessary for the user organization's accountant (user auditor) to audit these processes, as they have been audited by another external accountant, the service auditor.
