NextSDS follows the Belgian CyberFundamentals (CyFun) Basic framework, aligned with ISO 27001 and NIST CSF. The roadmap: CyFun Basic by Q2 2026, Important + Essential by Q4 2026, ISO 27001 certification by Q1 2027.
How does NextSDS handle customer data?
All customer data is processed and stored within the EU (AWS eu-central-1, Frankfurt). We apply the principle of least privilege for access control and maintain an up-to-date data classification and asset inventory.
Who is responsible for security at NextSDS?
Jan Verdonck (CTO) serves as our security owner and incident commander. Security governance is overseen by the management team, with clear roles defined in our ISMS documentation.
What is your incident response process?
We have a documented incident response plan with severity levels, escalation paths, and communication templates. Jan Verdonck (CTO) acts as incident commander. Post-incident reviews are conducted for all significant events.
How do you manage third-party vendors?
We maintain a subprocessor register and conduct security assessments of critical vendors. All third-party services are documented in our asset inventory with their data processing locations and security certifications.
What is your patch management cadence?
Critical security patches are applied within 48 hours. Regular updates follow a scheduled maintenance window. We use automated dependency scanning to identify vulnerabilities in our software supply chain.
Can I request a security audit or assessment?
Yes. Contact security@nextsds.be to request our compliance documentation, discuss a security assessment, or arrange a review.
What is the current audit status?
We are actively implementing CyFun Basic controls with a target completion of Q2 2026. All 33 controls are documented with implementation status tracked per control. Our compliance checklist provides real-time visibility into progress.