The value of certifications

Companies widely use certifications as advertisement, to show that the company is reliable: the more certifications, the better. Of course, having a lot of certifications can show the reliability of an organization, but that is not the case by default! Knowing the purpose of a certification and understanding its scope is crucial when you really want to gain trust by assessing certifications.

Certifications regarding the internal organization of your Service Organization

Certifications can be used to obtain comfort about the operations of an organization. For example, ISO 9001 will provide comfort regarding the quality management of an organization’s internal business processes. Such a certification does not directly provide comfort regarding the environment that is part of the customer’s responsibility. Likewise, for ISO 27001 the scope can include the service provided to the customer, but it can also include solely the sales process of the internal organization. A supplier obtaining a certificate and showing it on its website does not mean that the services you use are included in the scope, or that the certificate has any impact on the services you use. Therefore, if your organization demands that a supplier be certified, check the services and scope that are included in the certification.

Certifications regarding the services offered to you as a client

Besides certifications that relate to the internal organization, some certifications are designed specifically to certify the services delivered to the client, like PCI-DSS and SOC reporting. Instead of showing that the internal organization has an effective information management process, these certifications address how the service organization manages its client services and the requirements with respect to the services you use. For certifications regarding client services, the scope is again important. For example, within SOC reporting a specific scope is defined. If your organization uses additional services offered by the service organization, or uses a different physical site, and these are not included in the scope, you cannot rely on the certification for those specific services.

The certification purposes

Besides looking at the scope of the certification, it must be determined whether the purpose of the certification is relevant for your service organization. For example, a data center can be certified to comply with NEN 5710 (information security on medical data); however, if the data center does not have access to the information, requesting that certification is not useful. The data center can be a control used by the holder of the certificate, but an auditor cannot assess how the data center handles medical data if the data center does not have access to that data.

Another example is the GDPR certification that companies can obtain. Using a company that is GDPR certified does not mean that your organization can rely on that certification. Such a certification means that the company holding it complies with the GDPR for the personal data it stores and can access.

To conclude, certifications are widely used by organizations to show that their company’s processes are the best and that their clients can trust them. It is important not to just list certifications and ‘check the box’ when selecting your suppliers. When you know which processes and services are important for you, you can assess the certification, and the certifications bring the value they should bring.
