Skip to main content
Compliance

ISO 9001:2015 and ISO 27001:2022.

Conduction holds two ISO certifications. The 9001 covers our quality-management system, the 27001 covers our information-security management system. Both apply to the apps we build, the managed hosting we run, and the advisory work we do.

ISO 9001:2015 — Quality management

ISO 9001:2015 is the international standard for quality management systems. The certification confirms that Conduction operates a documented QMS, runs internal audits, and conducts management reviews. The audit cycle covers customer-focus, leadership commitment, planning, support, operation, performance evaluation, and improvement.

  • Scope. Software development, hosting, and advisory work delivered to public-sector and MKB clients in the Netherlands.
  • Certificate body. Listed on the certificate. Contact us for a copy of the current certificate or scope statement.
  • First issued. On the certificate.
  • Renewal cycle. Annual surveillance audit, three-year recertification.

ISO 27001:2022 — Information security

ISO 27001:2022 is the international standard for information-security management systems. The certification confirms that Conduction operates a documented ISMS aligned with the 2022 control set, with annex-A controls implemented and reviewed.

  • Scope. All Conduction systems, the apps we develop, the managed Common Ground components hosted at commonground.nu, and the development and operations processes that surround them.
  • Certificate body. Listed on the certificate. Contact us for a copy of the current certificate, scope statement, or Statement of Applicability.
  • First issued. On the certificate.
  • Renewal cycle. Annual surveillance audit, three-year recertification.

The privacy side of the ISMS is described in the privacy policy. The DPIA approach lives there too.

Beyond the two ISO certifications, the procurement-relevant compliance picture for Conduction is:

  • ISAE 3402 — managed hosting at commonground.nu runs on infrastructure operated by Cyso under ISAE 3402 Type II. Their attestation is available on request.
  • BIO — Baseline Informatiebeveiliging Overheid alignment is in progress. Status updates land here when complete.
  • DigiD — out of scope for our current portfolio. We integrate with DigiD-using systems but do not hold a DigiD assessment ourselves.

Asking for the proof

If your procurement file needs the actual certificate, the SoA, or a copy of an audit report, write to info@conduction.nl with the contract or tender reference. We send the documents directly.