The value of certifications

The value of certifications

Certifications are widely used by companies as advertisement, showing the company is reliable. The more certifications the better. Of course, having a lot certification can show the reliability of an organization, however that is not the case by default! Knowing the purpose of a certification and understanding the scope is crucial when you really want to gain trust by assessing certifications.

Certifications regarding the internal organization of your Service Organization

Certifications can be used to obtain comfort of the operations of an organization. For example: ISO 9001 will provide comfort regarding the quality management of an organization’s internal business processes. Such a certification does not directly provide comfort to the environment that is part of the customer’s responsibility. Also, for ISO 27001 the scope can include the service provided to the customer, however it can also solely include the sales process of the internal organization. Just obtaining a certificate and showing it on your website does not mean the services you use are included in the scope or has impact on the services you use. Therefore; if your organization demands a supplier to be certified, check the services/scope that is included in the certification.

Certifications regarding the services offered to you as a client

Besides certifications that are related to the internal organization, some certifications are designed to specifically certify the services to the client, like PCI-DSS and SOC-reporting. These certifications specifically address how the service organization manages their client services. Instead of showing that the internal organization has an effective information management process, these certifications specifically address the requirements with respect to the services you use. Also, for certifications regarding client services, again the scope is important. For example, within SOC reporting a specific scope is defined. If your organization is using additional services offered by the service organization or uses a difficult physical site and it is not included in the scope, you cannot rely on the certification for those specific services.

The certification purposes

Besides looking at the scope of the certification, it must be determined if the purpose of the certification is relevant for your service organization. For example, a data center can be certified to comply to NEN 5710 (information security on medical data), however if the data center does not have access to the information, requesting that certification is not useful. The data center can be a control used by the holder of the certificate, but an auditor cannot assess how the data center handles medical data if the data center does not have access to that data.

Another example is the GDPR certification that can be obtained by companies. Using a company that is GDPR certified will not mean that your organization can rely on that certifications. Such a certification means that the company that has the GDPR certification complies to the GDPR for the personal data they store and can access.

To conclude, certifications are widely used by organizations to show their companies processes are the best and their clients can trust them. It is important to not just list certifications and ‘check-in-the-box’ when selecting your suppliers. When you know which processes and services are important for you, you can assess the certification and the certifications brings the value they should bring.

More Insights

  • Datacenter.com Announces the Coming Departure of Jochem Steman, CEO

    Datacenter.com announced announced today that Jochem Steman, has notified the Company that, after four years at Datacenter.com, he has decided to step down as Chief Executive Officer and leave the company in the coming months.

    Read more
    Read more
    news
  • Customer statement on Coronavirus (COVID-19) outbreak

    As the World Health Organization confirms Coronavirus (COVID-19) as pandemic Datacenter.com is intensifying its efforts to mitigate the spread of the virus among our employees, customers, partners and suppliers. Our facilities are 100% operational and we are taking all possible measures to ensure we can maintain this service level while ensuring the health and safety of all that interact with our facilities.

    Read more
    Read more
    news
  • Datacenter.com completes expansion of Amsterdam Data Center

    Datacenter.com announced it has completed phase II of its Datacenter.com AMS1 data center. The expansion was necessary due to the strong demand from domestic and international enterprise and cloud computing customers looking to reduce IT infrastructure costs.

    Read more
    Read more
    news

Call us on +31 (0)20 - 2384 200
We are happy to answer your question

Email us for more information