Future Certifications

Future Certifications

SOC 2 Type II

Status: 🔄 Planned for H2 2026

Scope: Security, Availability, Processing Integrity

Preparation:

• Controls aligned with ISO 27001

• Evidence collection in progress

• Internal assessment complete

Other Compliance

Sector-specific (Insurance)

Financial Supervision Act (Wft)

• Facilitating client compliance

• Outsourcing Art. 4:15 and 4:16 compliant

• Customer support audits

Solvency II

• Supporting client SCR calculations

• Documentation of operational risk

• Transparent reporting

NIS2 Directive

• Monitoring implementation (2024)

• Alignment with DORA and ISO 27001

Audits & Assessments

Internal Audits

• Frequency: Quarterly

• Scope: All compliance frameworks

• Evidence collection, findings, remediation tracking

External Audits

• ISO 27001: Q1 2026 (planned)

• SOC 2 Type II: H2 2026 (planned)

• DORA Supervisory: As required

• Customer audits: Upon request

Third-Party Assessments

• Penetration testing: Annually

• Vulnerability assessments: Weekly

• Security ratings: Continuous monitoring

• Privacy assessments: Annual DPIA reviews

Regulatory Engagement

Regulators

Personal Data Authority (AP)

• Privacy regulator

• FG is the primary contact

• Data breaches reported within 72 hours

The Dutch Central Bank (DNB)

• Via insurance clients

• Customer support for regulatory compliance

European Supervisory Authorities

• EIOPA (European Insurance)

• ENISA (EU cybersecurity)

• Monitoring regulatory developments

Industry Participation

• Insurance cybersecurity working groups

• Financial sector ISAC (information sharing)

• DORA implementation forums

• AI ethics initiatives

Emerging Regulations

Monitoring:

• NIS2 implementation

• AI Act technical standards

• Cyber Resilience Act

• Data Act

• eIDAS 2.0

Preparation:

• Ongoing gap analyses

• Regulatory tracking system

• Industry participation

Contact

Compliance questions
onesurance