The value of certifications

The value of certifications

Certifications are widely used by companies as advertisement, showing the company is reliable. The more certifications the better. Of course, having a lot certification can show the reliability of an organization, however that is not the case by default! Knowing the purpose of a certification and understanding the scope is crucial when you really want to gain trust by assessing certifications.

Certifications regarding the internal organization of your Service Organization

Certifications can be used to obtain comfort of the operations of an organization. For example: ISO 9001 will provide comfort regarding the quality management of an organization’s internal business processes. Such a certification does not directly provide comfort to the environment that is part of the customer’s responsibility. Also, for ISO 27001 the scope can include the service provided to the customer, however it can also solely include the sales process of the internal organization. Just obtaining a certificate and showing it on your website does not mean the services you use are included in the scope or has impact on the services you use. Therefore; if your organization demands a supplier to be certified, check the services/scope that is included in the certification.

Certifications regarding the services offered to you as a client

Besides certifications that are related to the internal organization, some certifications are designed to specifically certify the services to the client, like PCI-DSS and SOC-reporting. These certifications specifically address how the service organization manages their client services. Instead of showing that the internal organization has an effective information management process, these certifications specifically address the requirements with respect to the services you use. Also, for certifications regarding client services, again the scope is important. For example, within SOC reporting a specific scope is defined. If your organization is using additional services offered by the service organization or uses a difficult physical site and it is not included in the scope, you cannot rely on the certification for those specific services.

The certification purposes

Besides looking at the scope of the certification, it must be determined if the purpose of the certification is relevant for your service organization. For example, a data center can be certified to comply to NEN 5710 (information security on medical data), however if the data center does not have access to the information, requesting that certification is not useful. The data center can be a control used by the holder of the certificate, but an auditor cannot assess how the data center handles medical data if the data center does not have access to that data.

Another example is the GDPR certification that can be obtained by companies. Using a company that is GDPR certified will not mean that your organization can rely on that certifications. Such a certification means that the company that has the GDPR certification complies to the GDPR for the personal data they store and can access.

To conclude, certifications are widely used by organizations to show their companies processes are the best and their clients can trust them. It is important to not just list certifications and ‘check-in-the-box’ when selecting your suppliers. When you know which processes and services are important for you, you can assess the certification and the certifications brings the value they should bring.

More Insights

  • The hidden costs of hosting your infrastructure on-premise

    There are many myths around it and the choice between hosting your mission-critical infrastructure in-house or accommodating your IT infrastructure in a professional data center. Managing and implementing your business-critical infrastructure in-house is a huge responsibility on top of your daily work and the choice should not only be made on the basis of costs. It depends on your business requirements and specific usage options, as well as the costs of the service.

    Read more
    Read more
    Blog
  • Datacenter.com Wins EU Code of Conduct for Energy Efficiency Award

    Datacenter.com, announced it has received the Annual Award from the European Commission Joint Research Center that oversees the EU Code of Conduct (CoC) on Data Center Efficiency for the data center facility in Amsterdam (AMS1). The award was received by Datacenter.com CEO Jochem Steman during this year’s prestigious Datacloud Europe Awards ceremony in Monaco.

    Read more
    Read more
    news
  • Data Center Industry Survey 2019

    Uptime Datacenters released the Ninth Annual Uptime Institute Data Center Survey. The survey provides an overview of the shape, practices and major trends driving the mission-critical digital infrastructure of today. This survey, the most comprehensive research survey of its kind, was conducted online during March and April 2019 with nearly 1600 participants.

    Read more
    Read more
    Blog

Call us on +31 (0)20 - 2384 200
We are happy to answer your question

Email us for more information

Join Our Monthly Newsletter

Stay updated with all latest updates, upcoming events & much more
Subscribe
SUBSCRIBE NOW
close-link

Join Our Monthly Newsletter

Stay updated with all latest updates, upcoming events & much more
Subscribe
SUBSCRIBE NOW
close-link