ISMS Compliance

Information Security Management System documentation and compliance evidence

Information Security

Our security posture

Implementation of the CyFun Basic framework is in progress, targeting ISO 27001 certification.

CyFun Basic: in progress
ISO 27001: planned Q1 2027

CyFun Basic Controls

Controls Overview

15 of 33 controls fully implemented. The framework prioritises 10 key measures. Request access for detailed status per control.

Identify

9/10 controls implemented

Protect

5/15 controls implemented

Detect

1/4 controls implemented

Respond

0/3 controls implemented

Recover

0/1 controls implemented

Frequently Asked Questions

What security framework does NextSDS follow?
NextSDS follows the Belgian CyberFundamentals (CyFun) Basic framework, aligned with ISO 27001 and NIST CSF. The roadmap: CyFun Basic by Q2 2026, Important + Essential by Q4 2026, ISO 27001 certification by Q1 2027.
How does NextSDS handle customer data?
All customer data is processed and stored within the EU (AWS eu-central-1, Frankfurt). We apply the principle of least privilege for access control and maintain an up-to-date data classification and asset inventory.
Who is responsible for security at NextSDS?
Jan Verdonck (CTO) serves as our security owner and incident commander. Security governance is overseen by the management team, with clear roles defined in our ISMS documentation.
What is your incident response process?
We maintain a documented incident response plan with severity levels, escalation paths, and communication templates. Jan Verdonck (CTO) acts as incident commander. Post-incident reviews are conducted for all significant events.
How do you manage third-party vendors?
We maintain a subprocessor register and conduct security assessments of critical vendors. All third-party services are documented in our asset inventory with their data processing locations and security certifications.
What is your patch management cadence?
Critical security patches are applied within 48 hours. Regular updates follow a scheduled maintenance window. We use automated dependency scanning to identify vulnerabilities in our software supply chain.
Can I request a security audit or assessment?
Yes. Contact security@nextsds.be to request our compliance documentation, discuss a security assessment, or arrange a review.
What is the current audit status?
We are actively implementing CyFun Basic controls with a target completion of Q2 2026. All 33 controls are documented with implementation status tracked per control. Our compliance checklist provides real-time visibility into progress.