Monitoring, auditing and continuous improvement

Introduction

At Fellow Digitals, information security and privacy are continuously monitored and improved through our Information Security Management System (ISMS). Through structured monitoring, internal audits, and periodic management reviews, we ensure that our policies, procedures, and security measures remain effective.

Control program and monitoring

We maintain a structured control program to verify that our security and privacy measures operate as intended. This program includes various control activities, such as control testing, procedure reviews, and effectiveness assessments.

When deviations are identified, root causes are analyzed and corrective actions are defined and monitored. The outcomes of these activities are documented and evaluated as part of the ISMS management cycle.

Internal and external audits

We perform annual internal and external audits to verify the effectiveness of our ISMS.

Internal audits are conducted by an independent external security advisor, based on a multi-year audit plan covering key domains of our information security framework. These audits assess whether processes operate in line with established policies and identify improvement opportunities.

In addition, Fellow Digitals undergoes annual external certification audits by KIWA, covering:

• ISO/IEC 27001

• ISO/IEC 27701

• NEN 7510

Findings are documented and followed up with corrective actions where relevant.

Management review

The effectiveness of the ISMS is periodically evaluated through a management review conducted by the management team. During this review, topics such as risk assessments, supplier evaluations, audit results, incidents, performance indicators, and security objectives are assessed.

Based on the outcomes, improvements or adjustments to policies, procedures, and controls may be implemented.

Continuous improvement

Monitoring, audits, and management reviews together support continuous improvement, ensuring that our security and privacy framework evolves with organizational changes, technological developments, and emerging risks.