version July 13, 2022

Information Security and Quality Policy

This is the general policy of Ibuildings regarding information security and quality.

The goal of information security is to minimize the risk of damage by preventing incidents and minimizing their impact. The information security policy is therefore aimed at protecting the information assets against all internal and external threats, intentional or unintentional.

The quality policy is aimed at continuous improvement and increasing customer and employee satisfaction.

Goals

The purpose of this policy is to:

  • Protect information from unauthorized access.

  • Ensure confidentiality of the information.

  • Maintain the integrity of the information throughout the process.

  • Ensure the availability of the information for business processes and follow laws and regulations.

  • Establish, maintain and test business continuity plans.

  • Train all personnel on information security and make them aware that compliance with information security policies is required.

  • Report and investigate all incidents and potential vulnerabilities.

  • Report all current and suspected information security incidents and potential vulnerabilities to the Data Breach Hotline role or the Information Security role, and investigate them.

  • Maintain documented procedures to support the policy, including measures for virus protection, passwords, and continuity plans.

  • Keep operational processes and procedures up to date and understood by all employees.

  • Achieve business requirements for availability of information and systems.

  • To strive for maximum customer satisfaction.

  • Achieve and maintain quality certification.

  • To ensure accuracy in handling customer and employee data in accordance with the AVG and the ISO-27001 standard.

  • To strive for continuous improvement.

  • Strive to achieve the highest possible level of quality of our services and delivered products.

Roles and responsibilities

The Information Security role is responsible for maintaining information security policies and providing support and advice during implementation and execution. The Leadlinks are responsible for implementation of the policy and compliance within their circles.

The Leadlink role is required to maintain the quality standards and requirements and implement them within the circle.

The policy is communicated internally and available to all stakeholders. Compliance with the policy is mandatory. The director has approved the policy.

Scope

Scope of information security

Information security concerns the entire organization, with the following scope:

  • Legal entity: Ibuildings BV (CoC 22046933).

  • All activities aimed at providing services for our clients, as well as the supporting activities (sales, finance, office, etc).

  • The annual temporary project organization containing the activities for organizing the Dutch PHP Conference is outside the scope.

Activities

Ibuildings is active in providing software development services for web and mobile applications, broken down into application design, application development, application availability, consulting and project management.

Scope of quality standard ISO 9001

The scope for the ISO 9001 quality standard is EA Code 33: Information Technology. All activities aimed at delivering services for our clients, as well as the support activities, are in scope. In addition, the management system is also in scope.

Purpose of the management system

Ibuildings uses an integral performance management system based on the EFQM Model, with the following purposes:

  • To support, manage and control the business operations.
  • To improve the organization, processes and products to continue to meet changing market and legislative requirements.
  • To serve as a tool to gain insight into activities, tasks, competences, information structure, results and control and to perform analyses.
  • To provide insight for (new) employees into business processes.
  • To be able to hold each other accountable for agreements made.
  • To achieve continuous improvement and customer satisfaction.

Applied standard

The management system complies with the requirements of the NEN-EN-ISO 9001:2015 standard. There are no articles excluded.

The management system meets the requirements of the NEN-EN-ISO 27001:2017 standard. There are no articles excluded.

Structure of the management system

The management system is set up using a process-oriented approach, in which the organization is presented as a collection of processes to realize the products and services. The processes are divided into main topics and together form the business model, consisting of processes for:

  • Policy and strategy
  • Execution
    • Sales and account management
    • (Agile) software development
    • Application availability, support and management
    • Consultancy
  • Staff management
    • Overview of roles and responsibilities
    • In-, through- and outflow of personnel
  • Resource management
  • Communication (internal and external)
  • Evaluation (e.g. internal audits, management review, customer evaluation etc.)

Standards have been developed for all the indicated processes. These standards form the total management system and are described in process models, information descriptions, working documents and forms, dashboards and overviews.