Skip to main content
Compliance

ISO 9001:2015 and ISO 27001:2022.

Conduction holds two ISO certifications. The 9001 covers our quality-management system, the 27001 covers our information-security management system. Both apply to the apps we build, the managed hosting we run, and the advisory work we do.

ISO 9001:2015 — Quality management

ISO 9001:2015 is the international standard for quality management systems. The certification confirms that Conduction operates a documented QMS, runs internal audits, and conducts management reviews. The audit cycle covers customer-focus, leadership commitment, planning, support, operation, performance evaluation, and improvement.

  • Scope. Software development, hosting, and advisory work delivered to public-sector and MKB clients in the Netherlands.
  • Certificate body. Listed on the certificate. Contact us for a copy of the current certificate or scope statement.
  • First issued. On the certificate.
  • Renewal cycle. Annual surveillance audit, three-year recertification.

ISO 27001:2022 — Information security

ISO 27001:2022 is the international standard for information-security management systems. The certification confirms that Conduction operates a documented ISMS aligned with the 2022 control set, with annex-A controls implemented and reviewed.

  • Scope. All Conduction systems, the apps we develop, the managed Common Ground components hosted at commonground.nu, and the development and operations processes that surround them.
  • Certificate body. Listed on the certificate. Contact us for a copy of the current certificate, scope statement, or Statement of Applicability.
  • First issued. On the certificate.
  • Renewal cycle. Annual surveillance audit, three-year recertification.

The privacy side of the ISMS is described in the privacy policy. The DPIA approach lives there too.

Beyond the two ISO certifications, the procurement-relevant compliance picture for Conduction is:

  • ISAE 3402 — managed hosting at commonground.nu runs on infrastructure operated by Cyso under ISAE 3402 Type II. Their attestation is available on request.
  • BIO — Baseline Informatiebeveiliging Overheid alignment is in progress. Status updates land here when complete.
  • DigiD — out of scope for our current portfolio. We integrate with DigiD-using systems but do not hold a DigiD assessment ourselves.
  • NEN-7510 — we deliver NEN-7510-aligned configurations as part of solution work for healthcare clients. The certification itself sits with the hosting partner.

Asking for the proof

If your procurement file needs the actual certificate, the SoA, or a copy of an audit report, write to info@conduction.nl with the contract or tender reference. We send the documents directly.