DigiD audit

DigiD is the standard that allows citizens to securely identify themselves when using government digital services. Organizations that use DigiD, such as municipalities, social services, or software providers, are required to have an annual IT security assessment (DigiD audit) conducted. This assessment verifies whether your digital environment meets the security standards set by Logius. It safeguards the security of your services and helps you comply with your legal obligations.

DigiD audit with 2-Control

Our organization consists of an enthusiastic team of IT auditors (REs) registered with NOREA. A 2-Control RE auditor can assess whether your digital service portal meets the standards required for a DigiD audit. Our auditors have extensive experience in conducting security assessments and perform the DigiD ICT security assessment annually for many different municipalities, other (semi-)governmental institutions, and service organizations.

We offer suppliers (service organizations) the opportunity to obtain a TPM statement. With a Third Party Memorandum, you as a supplier save on your customers’ audit costs because the same audit does not need to be performed for every customer who uses the same web application or web environment. 

DigiD Approach 2-Control

  1. Support with self-assessment (pre-audit)
    By first verifying the extent to which your systems comply, you gain insight into the measures you will have to take in any case. We can perform this pre-audit for you. Our IT auditors map out the extent to which your organization meets the applicable standards. The outcome of the pre-audit gives a clear picture of the measures you need to take to comply with the DigiD standards. This prevents unnecessary findings in the penetration test and the audit, which saves cost.

  2. Take action
    Following the pre-audit, implement the necessary measures yourself to better protect your systems from outside hacking.

  3. Perform Penetration Test (Pentest)
    If you host or develop software in-house, the requirements oblige you to have a penetration test (ethical hacking test) performed on the web environment of your DigiD connection. This checks your information systems for vulnerabilities, and you receive a report with the findings. We recommend using Dong-IT for this purpose. View the different offers for penetration testing here.

    Take measures yourself to follow up on and resolve the findings from the pen test. If the pen test shows that high risks are present in your environment, these must be resolved before the audit.

  4. Perform audit
    Once the previous stages are completed, the final DigiD audit is performed by one of our RE auditors.
    The reporting uses a prescribed, standardized report. This format has been created in consultation with the professional group of auditors (NOREA). The report contains an overview of the actual findings per measure. For each measure, our RE auditors indicate whether it complies.

  5. Send findings to Logius
    The last step is to send the report on the DigiD ICT security assessment to Logius. The report must be signed by one of our RE auditors.

Jeroen de Klerk
RE CISA IT-auditor / Consultant

Would you like to know how we can help you? Please feel free to contact me.

Our advice for a smooth DigiD audit

Our experience has shown that conducting an IT security assessment often involves more work than initially anticipated. We therefore recommend scheduling a pre-audit well in advance to avoid potential issues. Opt for a personalized and pragmatic approach and choose DigiD audit support from our IT auditors registered with NOREA (the professional association of IT auditors in the Netherlands).

DigiD and ENSIA

Since July 2017, the accountability procedure for municipalities regarding DigiD has changed. Municipalities now use the ENSIA accountability methodology. The main objective is to reduce the audit burden on municipalities and to enable them to demonstrate their compliance with information security requirements. Our RE auditors can also help you conduct the ENSIA audit.

Curious about our support for ENSIA, Suwinet, or the BIO? Check out the pages on our website.

Need a DigiD audit?

2-Control

+31 (0) 76-5019470
