Claerhout Computer Engineering (CCE) logo

Claerhout Computer Engineering (CCE)

Visit our website

Trust & Compliance Center

Welcome to the Claerhout Computer Engineering (CCE) Trust & Compliance Center. This portal provides transparency into our security, privacy, and compliance practices.

Certifications

View our industry certifications and compliance status

Learn more →

Compliance

Explore our regulatory compliance and standards

Learn more →

Cybersecurity

Learn about our cybersecurity framework and controls

Learn more →

Certifications

Completed Certifications
Certificate Badge
Certificate Badge
Certificate Badge
Certificate Badge
Certificate Badge

Alimento

Alimento badge

Alimento

https://www.alimento.be/nl/opleiders/229580


HP Amplify Membership

Valid until Oct 31, 2026
HP Amplify Membership badge

HP Amplify Membership

HP Amplify Partner

HPE Business Partner

Valid until Oct 31, 2026
HPE Business Partner badge

HPE Business Partner

  • Compute Business Partner
  • Hybrid Cloud Business Partner
  • Networking Business Partner

KMO-Portefeuille (erkende dienstverlener)

Valid until Jul 23, 2029
KMO-Portefeuille (erkende dienstverlener) badge

KMO-Portefeuille (erkende dienstverlener)

De KMO-Portefeuille is een subsidiemaatregel van de Vlaamse overheid die kleine en middelgrote ondernemingen (KMO’s) financieel ondersteunt bij het volgen van opleidingen en het inwinnen van advies. Organisaties die erkend zijn als dienstverlener voor de KMO-Portefeuille voldoen aan specifieke kwaliteits- en administratieve vereisten en mogen via het platform diensten aanbieden aan Vlaamse ondernemingen.

Deze erkenning biedt klanten niet alleen financiële voordelen, maar ook vertrouwen in de deskundigheid en betrouwbaarheid van de dienstverlener.

Qfor

Qfor badge

Qfor

Qfor is het kwaliteitslabel voor dienstverlenende organisaties in België, dat aantoont dat een bedrijf voldoet aan strenge normen voor kwaliteit, klantgerichtheid en continu verbeteren. Het label wordt toegekend op basis van onafhankelijke audits die processen, organisatie en resultaten toetsen aan de Qfor-standaard. Qfor draagt bij aan het versterken van het vertrouwen van klanten en marktpartijen en is een belangrijk onderscheidend kenmerk bij aanbestedingen en contracten in sectoren zoals consultancy, training en facilitair management.

Compliances

Codex Welzijn op het Werk

Codex Welzijn op het Werk

De Codex Welzijn op het Werk is het Belgische wettelijk kader voor veiligheid, gezondheid en welzijn van werknemers, met specifieke verplichtingen voor onder andere bouwplaatsen. De Codex regelt onderwerpen als risicoanalyse, arbeidsmiddelen, gevaarlijke stoffen, psychosociaal welzijn, preventiebeleid en opleiding. Naleving is wettelijk verplicht voor werkgevers in België.

Cyber Fundamentals (CyFun)

Cyber Fundamentals (CyFun)

Vlaams/Nationaal raamwerk dat bedrijven helpt om hun cyberweerbaarheid op basisniveau op orde te brengen. Focus op identificeren, beschermen, detecteren, reageren en herstellen.

GDPR

GDPR

De GDPR (General Data Protection Regulation) is een Europese wetgeving die de privacy en bescherming van persoonsgegevens van burgers binnen de EU regelt. Ze is sinds mei 2018 van kracht en verplicht organisaties om zorgvuldig om te gaan met persoonlijke gegevens, transparant te zijn over het gebruik ervan, en passende beveiligingsmaatregelen te nemen. De GDPR geeft individuen meer controle over hun data en legt bedrijven strenge verplichtingen op, met hoge boetes bij niet-naleving.



Informatie : AVG Toolbox

NIS2 (EU)

NIS2 (EU)

Europese richtlijn die strengere eisen oplegt aan cybersecurity, vooral voor essentiële en belangrijke sectoren. Vanaf 2024 belangrijk voor veel bedrijven.

Cybersecurity Framework

Our cybersecurity approach is based on the NIST Cybersecurity Framework, which organizes cybersecurity activities into five core functions: Identify, Protect, Detect, Respond, and Recover.

IDENTIFY

BASIC_ID.AM-01.1: An inventory of physical and virtual infrastructure assets — such as hardware, network devices, and cloud-hosted environments — that support information processing shall be documented, reviewed, and updated as changes occur.

BASIC_ID.AM-02.1: An inventory of software, digital services, and business systems used within the organisation shall be documented, reviewed, and updated as changes occur

BASIC_ID.AM-07.1: Data that the organisation stores and uses shall be identified.

BASIC_ID.AM-05.1: The organisation’s assets shall be prioritised based on classification, criticality, and business value.

BASIC_ID.AM-08.2: Patches and security updates for operating systems and critical system components shall be installed.

BASIC_ID.RA-01.1: Threats and vulnerabilities shall be identified in all relevant assets, including software, network and system architectures, and facilities that house critical computing assets

BASIC_ID.RA-05.1: The organisation shall conduct risk assessments in which risk is determined by threats, vulnerabilities and the impact on business processes and assets.

BASIC_ID.IM-03.1: The organisation shall conduct post-incident evaluations to analyse lessons learned from incident response and recovery, and consequently improve processes / procedures / technologies to enhance its cyber resilience.

IDENTIFY

Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.

PROTECT

BASIC_PR.AA-01.1: Identities and credentials for authorised users, services, and hardware shall be managed.

BASIC_PR.AA-03.1: All wireless access points used by the organisation, including those providing guest access, shall be securely configured, managed, and monitored to prevent unauthorised access and ensure network integrity.

BASIC_PR.AA-03.2: Multi-Factor Authentication (MFA) shall be required to access the organisation's networks remotely.

BASIC_PR.AA-05.1: Access permissions, rights, and authorisations shall be defined, managed, enforced and reviewed.

BASIC_PR.AA-05.2: It shall be determined who needs access to the organisation's business-critical information and technology and the means to gain access.

BASIC_PR.AA-05.3: Access rights, privileges and authorisations shall be restricted to the systems and specific information needed to perform the tasks (the principle of Least Privilege).

BASIC_PR.AA-05.4: No one shall have administrative privileges for routine day-to-day tasks.

BASIC_PR.AA-06.1: Physical access to all organisational assets, including critical zones, should be managed, monitored, and enforced based on risk.

BASIC_PR.AT-01.1: The organisation shall establish and maintain a cybersecurity awareness and training programme to ensure that all personnel understand how to perform their tasks securely and responsibly.

BASIC_PR.DS-01.9: Enterprise assets shall be disposed of safely.

BASIC_PR.DS-11.1: Backups for the organisation's business-critical data shall be performed and stored on a different system from the device on which the original data resides.

BASIC_PR.PS-04.1: Log records shall be generated and made available for continuous monitoring.

BASIC_PR.PS-05.1: Installation and execution of unauthorised software shall be prevented.

BASIC_PR.IR-01.1: Firewalls shall be installed, configured, and actively maintained on all networks used by the organisation to protect against unauthorised access and cyber threats.

BASIC_PR.IR-01.2: To safeguard critical systems, organisations shall implement network segmentation and segregation aligned with trust boundaries and asset criticality, thereby limiting threat propagation and enforcing strict access control.

PROTECT

Develop and implement appropriate safeguards to ensure delivery of critical infrastructure services.

DETECT

BASIC_DE.CM-01.1: Firewalls shall be installed and operated at the network boundaries, including endpoint firewalls.

BASIC_DE.CM-01.2: Anti-virus, -spyware, and other -malware programs shall be installed and updated.

BASIC_DE.CM-03-1: End point and network protection tools to monitor end-user behaviour for dangerous activity shall be implemented.

BASIC_DE.AE-03.1: The logging functionality of protection and detection tools shall be enabled. Logs shall be backed up and retained for a predefined period and regularly reviewed to identify unusual or potentially harmful activity.

DETECT

Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.

RESPOND

BASIC_RS.MA-01.1: The incident response plan is executed in coordination with relevant third parties once an incident is declared.

BASIC_RS.CO-02.1: Internal and external stakeholders shall be notified of incidents.

RESPOND

Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.

RECOVER

BASIC_RC.RP-01.1: A recovery process for disasters and information/cybersecurity incidents shall be developed and executed.

RECOVER

Develop and implement appropriate activities to maintain plans for resilience and to restore capabilities impaired by cybersecurity incidents.

GOVERNANCE

BASIC_GV.PO-01.1: Policies and procedures for managing information and cybersecurity shall be established, documented, reviewed, approved, updated when changes occur, communicated and enforced.

BASIC_GV.OC-03.1: Legal and regulatory requirements regarding information and cybersecurity shall be identified and implemented.

BASIC_GV.RM-03.1: As part of the organisation-wide risk management strategy, a comprehensive strategy to manage information and cybersecurity risks shall be developed and updated when changes occur.

BASIC_GV.RR-04.1: Personnel with access to the organisation’s most critical information or technology shall be authenticated.

GOVERNANCE

Cybersecurity framework category for governance functions and controls.