Monitoring, auditing and continuous improvement

Introduction

At Fellow Digitals, information security and privacy are continuously monitored and improved through our Information Security Management System (ISMS). Through structured monitoring, internal audits, and periodic management reviews, we verify that our policies, procedures, and security measures remain effective.

Control program and monitoring

We maintain a structured control program to verify that our security and privacy measures operate as intended. This program includes various control activities, such as control testing, procedure reviews, and effectiveness assessments.

When deviations are identified, root causes are analyzed and corrective actions are defined and monitored. The outcomes of these activities are documented and evaluated as part of the ISMS management cycle.

Internal and external audits

To verify the effectiveness of our ISMS, we perform both internal and external audits on a yearly basis.

Internal audits are conducted by an independent external security advisor and follow a multi-year audit plan that covers the relevant domains of our information security framework. These audits help verify whether our processes operate according to established policies and procedures and identify opportunities for improvement.

In addition, Fellow Digitals undergoes annual external certification audits conducted by the certification body KIWA. These audits assess our compliance with the requirements of:

• ISO/IEC 27001

• ISO/IEC 27701

• NEN 7510

Audit findings are documented and, where relevant, followed up with corrective actions or improvements.

Management review

The effectiveness of the ISMS is periodically evaluated through a management review conducted by the management team. During this review, topics such as risk assessments, supplier evaluations, audit results, incidents, performance indicators, and security objectives are assessed.

Based on the outcomes, improvements or adjustments to policies, procedures, and controls may be implemented.

Continuous improvement

Monitoring activities, audits, and management reviews together support a process of continuous improvement. This ensures that our security and privacy framework evolves in response to organizational changes, technological developments, and emerging risks.