1. National standards body: The Bureau of Normalisation (NBN) is Belgium’s official member of ISO and acts as the national platform for developing, adopting and publishing standards.
2. Accreditation body: The Belgian Accreditation Body (BELAC) operates under federal regulation and accredits certification and inspection bodies according to ISO/IEC 17011 and related standards.
3. Certification and conformity assessment: Certified organisations in Belgium engage certification bodies that are BELAC-accredited. These bodies audit and certify against ISO/IEC standards (for example ISO/IEC 27001 for information security) and may add country-specific regulatory layers. Other example are ISO/IEC 9001 – ISO/IEC14001…

L’article How are ISO/IEC standards implemented in Belgium? est apparu en premier sur Trust Check.

The purpose of ISO/IEC standards is to create consistency and interoperability in products, services, and systems globally. These standards promote best practices, enhance security, and support international trade by ensuring reliability and compatibility.

ISO/IEC standards help businesses improve credibility, reduce risks, and meet compliance requirements. They demonstrate commitment to quality, information security, and operational excellence, making organizations more competitive in global markets.

L’article What is ISO/IEC? est apparu en premier sur Trust Check.

L’article How long does verification take and what does it cost? est apparu en premier sur Trust Check.

L’article What kinds of claims can Trust CHECK verify? est apparu en premier sur Trust Check.

What a Work SRL holds official accreditation from BELAC (No. 770-VV) as a verification body for the CyFun® standard.

The Centre for Cybersecurity Belgium (CCB) authorizes What a Work SRL to carry out CyFun® verifications and support entities working toward NIS2 compliance.

The Trust CHECK division clearly separates accredited activities from non-accredited services. This distinction prevents confusion about the scope of accreditation.

L’article Is Trust CHECK officially recognized? est apparu en premier sur Trust Check.

L’article What is Trust CHECK? est apparu en premier sur Trust Check.

The centre for cybersecurity in belgium developped a tool to figure out if your entity fall under the NIS2 law or not. Refer to this link to find the tool.

Obligations of Essential and Important Entities under the NIS2 Law (Belgium)

The Belgian NIS2 law, which transposes the EU Directive 2022/2555, imposes several cybersecurity obligations on entities deemed essential or important for the functioning of society and the economy.

1. Registration

Entities falling within the scope of the NIS2 law must register with the Centre for Cybersecurity Belgium (CCB) via the Safeonweb@work platform. This registration is mandatory and ensures that the CCB can effectively supervise and support these entities.

2. Cybersecurity Risk Management Measures

Both essential and important entities are required to implement appropriate technical, operational, and organizational measures to manage cybersecurity risks. These measures aim to:

• Secure network and information systems.
• Prevent incidents.
• Minimize the impact of incidents on customers and services.

4. Supply chain security

Essential and Important entities must take appropriate and proportionate cybersecurity risk-management measures on their supply chain. This is why many companies outside NIS2 scope adopt CyFun® to strengthen cybersecurity governance or because a customer, supplier, or partner requires proof of compliance.

5. Notification of Significant Incidents

Entities must report any significant incidents to the national CSIRT, which in Belgium is the CCB. This includes:

• Incidents causing severe operational disruption.
• Incidents with potential cross-border effects.
• Financial or reputational damage.

The reporting process includes:

• Initial notification within 24 hours.
• Detailed incident report within 72 hours.
• Final report within one month.

4. Obligations for management

The management bodies of NIS2 entities are responsible for:

• Approving cybersecurity risk-management measures and supervise their execution.
• Following a training to ensure that their knowledge and skills are sufficient to identity risks and treatment

In case of non-compliance, management can be held liable.

5. Supervision

• Essential entities must undergo regular compliance assessments, choosing one of the following:
  • CyberFundamentals Certification or verification.
  • ISO/IEC 27001 Certification.
  • Audit by the CCB’s audit service.
• Important entities must not undergo a regular compliance assessment.

6. Sanction

Essential and Important entities which do not respect their obligations can be subjected to a series of administrative measures and fines.

L’article Must I demonstrate my cybersecurity maturity by law? est apparu en premier sur Trust Check.

L’article Where can I find the CyFun® framework? est apparu en premier sur Trust Check.

CyFun® and ISO/IEC 27001 are interconnected through reference matrices, enabling organizations to map requirements and controls between both frameworks. This facilitates dual compliance and helps organizations leverage existing certifications to meet new regulatory expectations.

L’article What is the difference between CyFun® and ISO/IEC 27001? est apparu en premier sur Trust Check.

Today, more and more EU countries are recognizing CyFun®, including France, Romania, and Ireland, with others expected to follow soon.

For organizations, CyFun® means easier access to new markets, streamlined compliance processes, and increased trust from clients and partners.

As CyFun® aligns with European frameworks such as NIS2 and GDPR, it is becoming a continental reference for cybersecurity assurance.

L’article Where is the CyFun® Label and verification recognized? est apparu en premier sur Trust Check.