At Royal HaskoningDHV, we handle information entrusted by clients and other third parties, project information, and company information like intellectual property, employee details and financial information. To protect this information, we implemented an Information Security Management System (ISMS) in 2021, maintained our full certification to ISO/IEC 27001, and only work with vendors and suppliers that have a robust level of security in place. In the United Kingdom, we obtained the National Cyber Security Centre’s Cyber Essentials certification, as well as the Cyber Essentials Plus certification. This is the highest level of certification offered under this scheme and is required when bidding for contracts where handling certain sensitive and personal information is involved.
To respond to the new reality of hybrid work, we are constantly adapting concepts to secure the complex modern enterprise IT network in which devices and data are protected, regardless of location or the type of device. That is why we have chosen to adopt zero trust security principles in securing our network and in the digital services we provide to clients. We also help our employees adapt to new ways of working, which is key to successful digital transformation. In 2021 we saw an increasing demand from our clients to fulfil information security requirements. We continued to find a way of working where all parties felt secure and in control.
Following the December discovery of the cyber security vulnerability called Log4j, we worked with our external partners to investigate whether our systems – and those we provide to our clients – may have been affected. No issues were found. In accordance with advice from the National Cyber Security Centre in the Netherlands, we apply updates to third-party software to address the Log4j vulnerability, or implement temporary workarounds to mitigate potential risks. Questions received were all answered to clients’ satisfaction.
Cyber security is more relevant than ever, so we offer multidisciplinary expertise and experience in design and advice on management and maintenance of Operational Technology (OT) systems, as well as cyber security scans and asset management. To deliver cyber resilient products, our processes for cyber security design and risk assessments follow the internationally recognised IEC 62443 series for OT systems, ISO 27001, and the NIST Cyber Security Framework.