Nucleus cloud hosting - ISO 27001 certified

Nucleus was recently granted a new ISO 27001:2013 certificate for data security. Being certified is not new for us, but we are now certified for the most recent version of the standard.


The new version focuses much more on the quality of services delivered by suppliers. To get the certificate, Nucleus had to make the rules of cooperation for suppliers much stricter. Nucleus must be able to demonstrate that the necessary measures are taken in terms of data security and privacy. We obviously prefer to work with partners who also hold the ISO 27001:2013 certificate.


In addition, the new standard also pays more explicit attention to project management and secure development. This ensures that all tools we develop for (internal) use are also developed according to secure processes. In practice this means that we take a number of specific security rules into account during development.


Finally, we checked each section of the standard to find out which aspects we could further improve. The fact that we were certified for the previous version of the standard does not mean there is no room for improvement. Nucleus is not standing still.


With this new certification we are at the top of our industry in terms of data security. And we are proud of it, though to us data security is simply the obvious thing to do. In our business it is indeed an absolute top priority. But what does the standard imply in practice?


The standard

ISO 27001 is a standard prepared by the International Standardisation Organisation (ISO) to describe how data security must be organised in a company. The most recent version of this standard was published in 2013 and was developed by the world’s leading experts in information security. The standard supplies the methodology for the implementation of information security in an organisation.


The certificate

Every organisation can decide for itself whether or not to implement ISO 27001, but it obviously involves quite some requirements and work. Companies can be certified after the implementation, which means that an audit is conducted by an independent body. After the audit, this body confirms whether the organisation has implemented information security measures in line with the ISO 27001 standard and gives permission to issue the certificate. This certificate is not everlasting, though: a new audit must be performed at regular intervals.


The content

The ISO 27001 standard is all about protecting the confidentiality, integrity and availability of the information in a company. This is done by mapping out potential risks and determining how these problems can be avoided in the future.


The measures to be taken by companies or organisations can be divided into three large categories: policy, procedures and technology (hardware & software). It is not only about IT security (firewalls, antivirus, etc.) but also about processes, legal protection, human resources, physical protection, etc. Most attention actually goes to policy and procedures, in other words, the writing of the guidelines required to avoid security breaches.


What’s in it for you?

This ISO standard is simply a quality label that shows that we see data security as an absolute priority and that we make every endeavour to optimally protect your data (and your privacy). In other words: if we host your data, you have nothing to worry about.
