Trust & Compliance Center
Welcome to the Verhaert Production Services Trust & Compliance Center. This portal provides transparency into our security, privacy, and compliance practices.
Compliances
Cyber Fundamentals (CyFun)
Flemish/national framework that helps companies get their cyber resilience in order at a basic level. It focuses on identifying, protecting, detecting, responding and recovering.
GDPR
The GDPR (General Data Protection Regulation) is European legislation that governs the privacy and protection of personal data of citizens within the EU. It has been in force since May 2018 and requires organisations to handle personal data with care, to be transparent about its use, and to take appropriate security measures. The GDPR gives individuals more control over their data and imposes strict obligations on companies, with high fines for non-compliance.
ISO/IEC 27001
International standard for information security. It demonstrates that your organisation manages risks and adequately protects its data.
NIS2 (EU)
European directive that imposes stricter cybersecurity requirements, especially for essential and important sectors. Important for many companies from 2024 onwards.
Cybersecurity Framework
Our cybersecurity approach is based on the NIST Cybersecurity Framework, which organizes cybersecurity activities into five core functions: Identify, Protect, Detect, Respond, and Recover.
IDENTIFY
BASIC_ID.AM-01.1: An inventory of physical and virtual infrastructure assets — such as hardware, network devices, and cloud-hosted environments — that support information processing shall be documented, reviewed, and updated as changes occur.
BASIC_ID.AM-02.1: An inventory of software, digital services, and business systems used within the organisation shall be documented, reviewed, and updated as changes occur.
BASIC_ID.AM-07.1: Data that the organisation stores and uses shall be identified.
BASIC_ID.AM-05.1: The organisation’s assets shall be prioritised based on classification, criticality, and business value.
BASIC_ID.AM-08.2: Patches and security updates for operating systems and critical system components shall be installed.
BASIC_ID.RA-01.1: Threats and vulnerabilities shall be identified in all relevant assets, including software, network and system architectures, and facilities that house critical computing assets.
BASIC_ID.RA-05.1: The organisation shall conduct risk assessments in which risk is determined by threats, vulnerabilities and the impact on business processes and assets.
BASIC_ID.IM-03.1: The organisation shall conduct post-incident evaluations to analyse lessons learned from incident response and recovery, and consequently improve processes / procedures / technologies to enhance its cyber resilience.
IDENTIFY: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
PROTECT
BASIC_PR.AA-01.1: Identities and credentials for authorised users, services, and hardware shall be managed.
BASIC_PR.AA-03.1: All wireless access points used by the organisation, including those providing guest access, shall be securely configured, managed, and monitored to prevent unauthorised access and ensure network integrity.
BASIC_PR.AA-03.2: Multi-Factor Authentication (MFA) shall be required to access the organisation's networks remotely.
BASIC_PR.AA-05.1: Access permissions, rights, and authorisations shall be defined, managed, enforced and reviewed.
BASIC_PR.AA-05.2: It shall be determined who needs access to the organisation's business-critical information and technology and the means to gain access.
BASIC_PR.AA-05.3: Access rights, privileges and authorisations shall be restricted to the systems and specific information needed to perform the tasks (the principle of Least Privilege).
BASIC_PR.AA-05.4: No one shall have administrative privileges for routine day-to-day tasks.
BASIC_PR.AA-06.1: Physical access to all organisational assets, including critical zones, should be managed, monitored, and enforced based on risk.
BASIC_PR.AT-01.1: The organisation shall establish and maintain a cybersecurity awareness and training programme to ensure that all personnel understand how to perform their tasks securely and responsibly.
BASIC_PR.DS-01.9: Enterprise assets shall be disposed of safely.
BASIC_PR.DS-11.1: Backups for the organisation's business-critical data shall be performed and stored on a different system from the device on which the original data resides.
BASIC_PR.PS-04.1: Log records shall be generated and made available for continuous monitoring.
BASIC_PR.PS-05.1: Installation and execution of unauthorised software shall be prevented.
BASIC_PR.IR-01.1: Firewalls shall be installed, configured, and actively maintained on all networks used by the organisation to protect against unauthorised access and cyber threats.
BASIC_PR.IR-01.2: To safeguard critical systems, organisations shall implement network segmentation and segregation aligned with trust boundaries and asset criticality, thereby limiting threat propagation and enforcing strict access control.
PROTECT: Develop and implement appropriate safeguards to ensure delivery of critical infrastructure services.
DETECT
BASIC_DE.CM-01.1: Firewalls shall be installed and operated at the network boundaries, including endpoint firewalls.
BASIC_DE.CM-01.2: Anti-virus, -spyware, and other -malware programs shall be installed and updated.
BASIC_DE.CM-03-1: End point and network protection tools to monitor end-user behaviour for dangerous activity shall be implemented.
BASIC_DE.AE-03.1: The logging functionality of protection and detection tools shall be enabled. Logs shall be backed up and retained for a predefined period and regularly reviewed to identify unusual or potentially harmful activity.
DETECT: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
RESPOND
BASIC_RS.MA-01.1: The incident response plan is executed in coordination with relevant third parties once an incident is declared.
BASIC_RS.CO-02.1: Internal and external stakeholders shall be notified of incidents.
RESPOND: Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
RECOVER
BASIC_RC.RP-01.1: A recovery process for disasters and information/cybersecurity incidents shall be developed and executed.
RECOVER: Develop and implement appropriate activities to maintain plans for resilience and to restore capabilities impaired by cybersecurity incidents.
GOVERNANCE
BASIC_GV.PO-01.1: Policies and procedures for managing information and cybersecurity shall be established, documented, reviewed, approved, updated when changes occur, communicated and enforced.
BASIC_GV.OC-03.1: Legal and regulatory requirements regarding information and cybersecurity shall be identified and implemented.
BASIC_GV.RM-03.1: As part of the organisation-wide risk management strategy, a comprehensive strategy to manage information and cybersecurity risks shall be developed and updated when changes occur.
BASIC_GV.RR-04.1: Personnel with access to the organisation’s most critical information or technology shall be authenticated.
GOVERNANCE: Cybersecurity framework category for governance functions and controls.