NextSDS follows the Belgian CyberFundamentals (CyFun) Basic framework, aligned with ISO 27001 and NIST CSF. The roadmap: CyFun Basic by Q2 2026, Important + Essential by Q4 2026, ISO 27001 certification by Q1 2027.

All customer data is processed and stored within the EU (AWS eu-central-1, Frankfurt). We apply the principle of least privilege for access control and maintain an up-to-date data classification and asset inventory.

Jan Verdonck (CTO) serves as our security owner and incident commander. Security governance is overseen by the management team, with clear roles defined in our ISMS documentation.

Documented incident response plan with severity levels, escalation paths, and communication templates. Jan Verdonck (CTO) acts as incident commander. Post-incident reviews are conducted for all significant events.

We maintain a subprocessor register and conduct security assessments of critical vendors. All third-party services are documented in our asset inventory with their data processing locations and security certifications.

Critical security patches are applied within 48 hours. Regular updates follow a scheduled maintenance window. We use automated dependency scanning to identify vulnerabilities in our software supply chain.

Yes. Contact security@nextsds.be to request our compliance documentation, discuss a security assessment, or arrange a review.

We are actively implementing CyFun Basic controls with a target completion of Q2 2026. All 33 controls are documented with implementation status tracked per control. Our compliance checklist provides real-time visibility into progress.