Today is European Privacy Day, a day when we pay extra attention to personal data and the importance of protecting it properly. With Scorion, a lot of personal data is collected, and we have to be very careful with it.
Our data protection officer
To properly handle personal data of Scorion users, a secure and stable environment is necessary. We are therefore required by law to appoint a data protection officer. At Scorion, this is Ron Kobes.
Ron explains: “As data protection officer I supervise the application of and compliance with the General Data Protection Regulation (AVG) within the organization. In addition – from another overlapping role – I monitor information security focused on the ISO27001 and NEN7510 certification. The ISO27001 certification is an international standard for information security. The NEN7510 is the Dutch standard for information security in healthcare.”
Availability, integrity and security
We have been certified for ISO27001 and NEN7510 since 2016. This means that an external company performs an annual audit covering, among other things, the security of workstations, central data storage and access to data, the suppliers used for services, measures to ensure continuity, whether staff work according to the agreements and processes, and whether they are aware of the risks of data processing. “Both certifications aim to ensure the availability, integrity and confidentiality (BIV) of information within the organization,” Ron continued. “Availability means that the information is always accessible to those who have a right to it. Information must be available quickly and easily, without unnecessary delays or restrictions. Integrity means that the information is not changed inadvertently or intentionally. Information must be complete, accurate and reliable. Confidentiality means that the information is available only to those who are entitled to it. The information is protected from unauthorized access or disclosure. So these three aspects together ensure that the information is secure and that only the right people have access.”
We stay sharp
In addition to the audits, a quarterly awareness session is organized for the Scorion team, and team members are required to take a short quiz every month. Furthermore, all incidents related to BIV are recorded and discussed biweekly. Ron: “This way we emphasize the usefulness and necessity of BIV and see what else can be done to prevent incidents as much as possible.”