Case DHD

How DHD pushed its information security to the next level with ISOPlanner

DHD employees knew what needed to be done when it came to compliance with multiple ISO standards that the organization had to meet. DHD has been compliant with ISO 27001 since 2016 and NEN 7510 since 2019. However, the security officer wanted to professionalize the internal processes and the use of single documents. By using ISOPlanner, DHD pushed its information security to the next level.

DHD connects sensitive data as efficiently and securely as possible from numerous data streams of medical-specialty care institutions such as hospitals. DHD experts are in daily contact with all general and university hospitals.

In addition, they unburden more and more other institutions within the medical-specialty care sector. What connects them: medical and financial patient data that provides healthcare professionals and hospitals with valuable information to improve their care.


Robert Kerssies, security officer at DHD, explains how the cooperation with ISOPlanner came about: “In June 2023, I started at DHD. For many colleagues, it was clear what they were doing when it came to information security. Only as a newcomer, I had no overview of the Excel and Word files and Teams channels that were linked together.

Moreover, I was used to working with an online ISMS at my previous employer. I suggested that we look for an online ISMS that could integrate with our existing Information Security Handbook in our SharePoint environment.

In a brief market analysis, we compared three parties, including the one I already had experience with and ISOPlanner. However, ISOPlanner offered so much more functionality and benefits that they quickly stood out. So I just said to the other organization that I thought they did a nice job, but that ISOPlanner was the cream of the crop.”

Consistency of standards and measures provides overview and ease-of-use

Robert continues his story, “At DHD we think efficiency is very important and that’s what I was looking for. It has to be very simple. With ISOPlanner you link everything together, forming a kind of domino effect. If you tap a standard, you know that the measure is also correct. Certain tasks or standards are linked, so you don’t have to double-check everything. In addition, you build your own dashboard and customize everything yourself. That gave me an overview and many insights.

It also gave us a sudden insight into measures that we thought we had implemented well. And where we noticed that we were doing something, but it wasn’t written down in the policies. Or that it was written down, but we weren’t doing it. Because everything is in one central place, that information is much faster available.

I can report in an instant. If you want to know how many reports we have on which subjects, I press two buttons and I know.

Robert Kerssies

Security Officer DHD

For example, we noticed an increasing number of bug reports. Because this was shown in a dashboard, we could immediately take a critical look at the testing process and see if there was room for improvement. Those are the kinds of things you can quickly pinpoint through the notification registration in ISOPlanner.”

One management environment in SharePoint

DHD chose to link the existing manual in SharePoint to ISOPlanner. Robert continues, “All I do now is reference SharePoint pages in the measures. It all links together. The moment I modify my SharePoint page, the measure automatically adapts as well.”

Professional ISMS exudes confidence during audit

“An auditor is blown away when he sees our ISMS. And it provides a lot of confidence that you are carefully handling sensitive data,” Robert continues. “The standard offers the freedom to set up the ISMS to your own needs. Since we collect a lot of sensitive healthcare data from and share data with hospital care, it’s important to take this responsibility seriously. ISOPlanner fits well with this ambition.

Therefore, we feel it is important to show this care not only during an audit but also every day. Of course, when you have visitors you tidy your home. And the same goes for an auditor. But above all, you want to show that you take it seriously. In the end, we build software and dashboards, we work with Power BI and Azure. All the cream of the crop. Then your ISMS should also be of the highest standard.”

Sometimes a standard affects more than 20 measures. I don’t have to go through them to cut and paste texts. I manage everything in one central place. That saves an awful lot of time and is extremely easy.

Robert Kerssies

Security Officer DHD

Implementation of ISOPlanner in just 3 months

Implementing new software generally takes 3 to 6 months before everyone gets it, and this is also true for ISOPlanner. Robert Kerssies: “Ultimately, information security is not something that just one person does. Fortunately, we had already done a lot of preliminary work, we were already compliant according to the old standard.

With Purasec as a consultant and with templates and sample documents from Instant 27001, I was able to implement ISOPlanner quite easily in 3 months. With the occasional toll at my laptop because I was working on ISOPlanner for weeks. Because you have to put in the time yourself.”

An auditor is blown away when he sees our ISMS. Surely ISOPlanner is the cream of the crop.

Robert Kerssies

Security Officer DHD

Easy onboarding of new users

An onboarding event for DHD employees is scheduled soon. Robert continues: “Most colleagues only have to act once or twice a year. Still, it is very nice that I can give everyone online access to documents to show how everything is set up. That increases involvement and in the long run, it contributes to our professionalism.

It also provides more insight, for example into the number and type of incidents. I now have a dashboard that I’m pleased with. I like to share the ongoings of our company within the organization. People like this and wonder where they can improve.

I’d rather have 100 reports and 10 incidents than 10 reports and 1 incident. Because otherwise, we don’t learn anything. An incident should never be a stick to beat with. Rather offer people a safe environment to make mistakes and learn from them. Never waste a good incident.”

Constructive cooperation and further development

Robert concludes, “ISOPlanner gives us space to spar, it is still a young and dynamic organization. Which simply listens to customer experiences and does something with feedback. So that too is very nice.”
