Toekomstige Certificeringen

Toekomstige Certificeringen

SOC 2 Type II

Status: 🔄 Gepland H2 2026

Scope: Security, Availability, Processing Integrity

Voorbereiding:

• Controls aligned met ISO 27001

• Evidence collection ongoing

• Internal assessment compleet

Overige Compliance

Sectorspecifiek (Verzekeringen)

Wet Financieel Toezicht (Wft)

• Faciliteren client compliance

• Outsourcing Art. 4:15 en 4:16 compliant

• Support client audits

Solvency II

• Supporting client SCR calculations

• Operational risk documentation

• Transparent reporting

NIS2 Directive

• Monitoring implementation (2024)

• Alignment met DORA en ISO 27001

Audits & Assessments

Internal Audits

• Frequency: Kwartaal

• Scope: Alle compliance frameworks

• Evidence collection, findings, remediation tracking

External Audits

• ISO 27001: Q1 2026 (gepland)

• SOC 2 Type II: H2 2026 (gepland)

• DORA Supervisory: As required

• Customer audits: Op verzoek

Third-Party Assessments

• Penetration testing: Jaarlijks

• Vulnerability assessments: Wekelijks

• Security ratings: Continuous monitoring

• Privacy assessments: Jaarlijkse DPIA reviews

Regulatory Engagement

Toezichthouders

Autoriteit Persoonsgegevens (AP)

• Privacy toezichthouder

• FG is primary contact

• Data breaches binnen 72h gerapporteerd

De Nederlandsche Bank (DNB)

• Via insurance clients

• Support client regulatory compliance

Europese Toezichthouders

• EIOPA (European Insurance)

• ENISA (EU cyber security)

• Monitoring regulatory developments

Industry Participation

• Insurance cybersecurity working groups

• Financial sector ISAC (information sharing)

• DORA implementation forums

• AI ethics initiatives

Emerging Regulations

Monitoring:

• NIS2 implementation

• AI Act technical standards

• Cyber Resilience Act

• Data Act

• eIDAS 2.0

Voorbereiding:

• Ongoing gap analyses

• Regulatory tracking system

• Industry participation

Contact

Compliance vragen
dpo@onesurance.ai