Information Security Management System

Safeguarding Customer Data with ISO/IEC 27001

At Crystalloids, we handle large volumes of customer data, especially in marketing. To ensure top-level security and meeting the highest information security standards, we obtained ISO 27001 certification in 2021. This implementation has strengthened our security measures, ensured regulatory compliance, built trust with stakeholders, and given us a competitive advantage.

BC Certified logo_ISO 27001-2022 RVA_ENG

ISMS and NEN-ISO 27001 standard

We have an ISMS framework of policy principles with regard to the confidentiality, integrity, and availability of the information provided, within which a balanced (effective and efficient) system of interrelated measures is developed, to protect the information system against internal and external threats.

We implement and maintain the ISMS and ensure continuous improvement by applying the Deming quality circle (plan, do, check, act) so that the ISMS meets the High-Level Structure (HLS) requirements of the NEN-ISO/IEC 27001 standard.


The scope of our NEN-ISO/IEC 27001: Information security related to consultancy, design, development, assembling, configuration, training, technical and functional support, related to Google Cloud Platform technologies with a focus on data sciences, data engineering, business analytics, and real-time channel management.

Policy principles

We aim to manage and to be in control by living by 26 information policy principles. We are able to mitigate the information security risks while keeping our flexibility and efficiency.

The policy principles are the bridge between the information security risks and the management objectives and managerial measures of our Internal Norm. If you wish to learn about these principles and our ISMS please contact us. 

Risk management cycles

The Crystalloids management sees three cycles of risk management:

  1. The business risk assessment is carried out every three years with the complete derivation of measures and improvements.
  2. Incident handling and changing procedures with their impact analyses are applied on a day-to-day basis so that the needs of stakeholders can be anticipated at lightning speed. For Crystalloids, this is the most important risk management tool. In addition, an IB meeting is organized four times a year.
  3. Every year during the internal audit, the course of events and especially the day-to-day risk assessment is reviewed. This leads to the observation of deviations, which are resolved by improvements.
The improvements from these three cycles are included in the improvement plan. The management is explicitly involved in all three cycles and continuously assesses whether the management system meets its expectations.

ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family.

Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details, or information entrusted by third parties.

The external audits were executed by Brandcompliance.