CERTIFICATION
DE REE values quality. That’s why we undergo annual assessments. We take pride in the certificates we have earned.
ISO 23081
MAIS-Flexis is ISO 23081 compliant
MAIS-Flexis is fully ISO 23081 compliant. This internationally recognized standard addresses the principles for managing metadata for archival documents and provides a framework for defining metadata elements.
With the ISO 23081 Compliance Statement, you have the assurance that the MAIS-Flexis application meets all requirements specified in ISO 23081 and, where necessary, can facilitate the organizational implications of metadata requirements.
Additional Assessment on TMLO and the Government Application Profile (TPR)
In MAIS-Flexis, you can metadata in a way that fully aligns with the agreements and requirements described in the Dutch Government Metadata Directive and the Government Metadata Application Profiles (TPR) and Local Government Metadata (TMLO). This allows you to continue using your metadata model according to government guidelines while working with MAIS-Flexis. MAIS-Flexis has been assessed and found compliant with both the Directive and the Application Profiles.
Independent Assessment
MAIS-Flexis undergoes annual assessments on ISO 23081, the Directive, TPR, and TMLO by Van Bussel Document Services, with Dr. G.J. van Bussel serving as an independent auditor.
ISO 16175
MAIS-Flexis is ISO 16175 compliant
In the past months, Van Bussel Document Services, represented by Dr. G.J. van Bussel, as an independent auditor of the NEN-ISO 16175 standard, assessed MAIS-Flexis against the requirements for archiving functionalities outlined in NEN-ISO 16175. During this assessment, it was found that MAIS-Flexis as a metadata system meets the specified requirements and can therefore be considered a NEN-ISO 16175-compliant application. This certification was renewed in 2022 and is valid until December 2025.
Careful record management
We are proud of this achievement as this certification guarantees the quality of our product in relation to record management.
What does NEN-ISO 16175 signify?
“Principles and functional requirements for records in an electronic office environment – Part 1: Overview and statement of principles. The NEN-ISO 16175 standard provides principles and functional requirements for software to create and manage digital information in office environments, which have been internationally agreed upon by the International Council on Archives (ICA). This first part NEN-ISO 16175-1 provides an overview and describes the principles for record management in a digital environment. The second part NEN-ISO 16175-2 specifies the functional requirements for record management software systems. The third part NEN-ISO 16175-3 outlines the functional requirements for information management in business systems.”
* Source: [NORA Wiki] (https://www.noraonline.nl/wiki/NEN-ISO_16175-1)
ED3
MAIS Digital Repository is ED3 compliant
With the growing demand for digital repository solutions, there arose a need within the archival sector for insight into the quality of these solutions. To meet this need, the LOPAI (LOPAI) developed the ED3 framework in a special working group. This framework of ‘Requirements for Sustainable Digital Repositories ‘ (ED3) provides an assessment tool for the secure long-term management of digital files, fully in line with Dutch archival legislation. The ED3 is currently the only assessment framework of its kind for digital repository solutions within the Dutch archival world.
Why an ED3 certification?
With the ED3 Declaration of Compliance from DE REE, we provide a quality guarantee for MAIS Digital Repository and its associated components MAIS-Flexis, MAIS-Ingest, and MAIS-Storage. The assessment report provides insight into how MAIS Digital Repository meets the individual requirements of the ED3. When you have your own organization assessed based on the ED3, the DE REE Declaration of Compliance can demonstrate that the software requirements of the ED3 are met.
A powerful and reliable product
The Declaration of Compliance is awarded to DE REE for meeting the requirements for a digital repository. Additionally, it is rewarded for facilitating our customers to meet those same Digital Repository requirements. The assessment report concludes that MAIS Digital Repository is a powerful and reliable product that can conduct its task (storing and conserving digital archives) to complete satisfaction within a 24/7 monitored software and hardware environment.
A digital repository provision
MAIS Digital Repository provides the software that facilitates the use of digital repositories as a whole. The definition of a Digital Repository is formulated by LOPAI in the 2012 ED3 guidelines as: the entirety of organization, policies, processes and procedures, financial management, personnel, data management, data security, and existing hardware and software, which enables the sustainable management and consultation of digital archival records that need to be preserver.”
The Declaration of Compliance is only awarded to the organization that has ultimate responsibility for the Digital repository as a whole.
Independent Assessment
DE REE commissioned the assessment by Van Bussel Document Services (VDBS), an independent auditing body specializing in standards for archive management. The Declaration of Compliance is valid until 2025, with an annual reassessment.
ISO 27001
Our organisation is ISO27001 certified
We are pleased to announce that the ISO 27001 certificate for Information Security has been renewed until December 25, 2024.
Why an ISO 27001 certificate?
While the digitization of archives brings many benefits in making our history accessible, at DE REE, we also consider the risks associated with it. After all, how do you process the data entrusted to you by your customers in such a way that it is sufficiently available, without risking relevant disclosure restrictions, confidentiality, and data integrity? By adhering to an information security policy based on international standards, DE REE strives to provide an appropriate response to these challenges.
What does the certificate signify?
DE REE processes non-public and person-related data from both commercial and government agencies. It is crucial to adequately protect this valuable information. With the certificate, DE REE aims to assure its customers that the trust they place in us is well-founded.
The ISO 27001 standard represents a proactive, risk-based information security policy. The premise here is that technical measures alone are not sufficient to address IT threats. Therefore, alongside technical measures, DE REE also employs organizational guidelines, such as principles for planning and evaluation (‘Plan, do, check, and act’). This promotes not only technically secure work but also an active focus on process-oriented, secure, work.
An internal Security Committee evaluates the policy and measures at regular intervals. This allows for timely adjustments when necessary (and desired). Thus, the issue of security remains a current topic amid continuous change. By having the policy ‘calibrated’ annually by an independent certification body, we objectively demonstrate that our security policy is adequate.
Who is behind the certificate?
Our business operations have been assessed in line with the ISO standard for information security by the certification body DNV GL. During the validity period of the certificate, a DNV auditor will annually review DE REE’s policy on-site. The business operations are assessed organization-wide to meet the standard, and policies on new developments are also reviewed every year.
Contact Person
For inquiries regarding the certification and our information security, you can contact the Information Security Process Manager. Upon request, she can send the certificate and the corresponding scope statement. You can reach her via email at eholtkamp@de-ree.nl.