In various areas, it is important that, as a fully or partially public authority, you can render account for automated data processing. We would be happy to help you with our smart audit strategy tailored to your requirements. For example, in addition to performing the DigiD security assessment, we can also identify any areas for improvement in a timely manner. We are specialists in the field of auditing and information security. Our IT auditors have extensive experience in offering support with specific issues such as DigiD, the VIPP final test and ENSIA.
As holder of the DigiD connection, you have to render account on an annual basis for the accounting records relating to the previous year. You have to do this between 1 January and 1 May by means of a DigiD security assessment. An assessment report and an improvement report (if applicable) must be drawn up by an RE auditor. This DigiD security assessment is used for the purposes of supervision by Logius, DigiD’s supervisory authority.
The link between DigiD and your organisation’s web application is supervised. If your organisation uses DigiD, you must comply with the DigiD Standards Framework v2.0. This is assessed by means of an IT audit performed by a Registered EDP auditor. The object of investigation has been formulated by Logius as follows:
The object of investigation of an IT security assessment is a web application that uses DigiD for the purposes of identification and authentication of (some of) its users. Specifically in scope are the internet-facing web pages, system links and the infrastructure linked to DigiD and relating to the DigiD identification and authentication process. The various forms of management of the web application are also in scope insofar as relevant to the objective of the audit.