Trust & Compliance Center
Welcome to the Claerhout Computer Engineering (CCE) Trust & Compliance Center. This portal provides transparency into our security, privacy, and compliance practices.
Certifications
Completed Certifications
Alimento
Alimento
https://www.alimento.be/nl/opleiders/229580
HP Amplify Membership
HP Amplify Membership
HP Amplify Partner
HPE Business Partner
HPE Business Partner
- Compute Business Partner
- Hybrid Cloud Business Partner
- Networking Business Partner
KMO-Portefeuille (erkende dienstverlener)
KMO-Portefeuille (erkende dienstverlener)
De KMO-Portefeuille is een subsidiemaatregel van de Vlaamse overheid die kleine en middelgrote ondernemingen (KMO’s) financieel ondersteunt bij het volgen van opleidingen en het inwinnen van advies. Organisaties die erkend zijn als dienstverlener voor de KMO-Portefeuille voldoen aan specifieke kwaliteits- en administratieve vereisten en mogen via het platform diensten aanbieden aan Vlaamse ondernemingen.
Deze erkenning biedt klanten niet alleen financiële voordelen, maar ook vertrouwen in de deskundigheid en betrouwbaarheid van de dienstverlener.
Qfor
Qfor
Qfor is het kwaliteitslabel voor dienstverlenende organisaties in België, dat aantoont dat een bedrijf voldoet aan strenge normen voor kwaliteit, klantgerichtheid en continu verbeteren. Het label wordt toegekend op basis van onafhankelijke audits die processen, organisatie en resultaten toetsen aan de Qfor-standaard. Qfor draagt bij aan het versterken van het vertrouwen van klanten en marktpartijen en is een belangrijk onderscheidend kenmerk bij aanbestedingen en contracten in sectoren zoals consultancy, training en facilitair management.
Compliances
Codex Welzijn op het Werk
Codex Welzijn op het Werk
De Codex Welzijn op het Werk is het Belgische wettelijk kader voor veiligheid, gezondheid en welzijn van werknemers, met specifieke verplichtingen voor onder andere bouwplaatsen. De Codex regelt onderwerpen als risicoanalyse, arbeidsmiddelen, gevaarlijke stoffen, psychosociaal welzijn, preventiebeleid en opleiding. Naleving is wettelijk verplicht voor werkgevers in België.
Cyber Fundamentals (CyFun)
Cyber Fundamentals (CyFun)
Vlaams/Nationaal raamwerk dat bedrijven helpt om hun cyberweerbaarheid op basisniveau op orde te brengen. Focus op identificeren, beschermen, detecteren, reageren en herstellen.
GDPR
GDPR
De GDPR (General Data Protection Regulation) is een Europese wetgeving die de privacy en bescherming van persoonsgegevens van burgers binnen de EU regelt. Ze is sinds mei 2018 van kracht en verplicht organisaties om zorgvuldig om te gaan met persoonlijke gegevens, transparant te zijn over het gebruik ervan, en passende beveiligingsmaatregelen te nemen. De GDPR geeft individuen meer controle over hun data en legt bedrijven strenge verplichtingen op, met hoge boetes bij niet-naleving.
NIS2 (EU)
NIS2 (EU)
Europese richtlijn die strengere eisen oplegt aan cybersecurity, vooral voor essentiële en belangrijke sectoren. Vanaf 2024 belangrijk voor veel bedrijven.
Cybersecurity Framework
Our cybersecurity approach is based on the NIST Cybersecurity Framework, which organizes cybersecurity activities into five core functions: Identify, Protect, Detect, Respond, and Recover.
IDENTIFY
BASIC_ID.AM-01.1: An inventory of physical and virtual infrastructure assets — such as hardware, network devices, and cloud-hosted environments — that support information processing shall be documented, reviewed, and updated as changes occur.
BASIC_ID.AM-02.1: An inventory of software, digital services, and business systems used within the organisation shall be documented, reviewed, and updated as changes occur
BASIC_ID.AM-07.1: Data that the organisation stores and uses shall be identified.
BASIC_ID.AM-05.1: The organisation’s assets shall be prioritised based on classification, criticality, and business value.
BASIC_ID.AM-08.2: Patches and security updates for operating systems and critical system components shall be installed.
BASIC_ID.RA-01.1: Threats and vulnerabilities shall be identified in all relevant assets, including software, network and system architectures, and facilities that house critical computing assets
BASIC_ID.RA-05.1: The organisation shall conduct risk assessments in which risk is determined by threats, vulnerabilities and the impact on business processes and assets.
BASIC_ID.IM-03.1: The organisation shall conduct post-incident evaluations to analyse lessons learned from incident response and recovery, and consequently improve processes / procedures / technologies to enhance its cyber resilience.
IDENTIFY
Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
PROTECT
BASIC_PR.AA-01.1: Identities and credentials for authorised users, services, and hardware shall be managed.
BASIC_PR.AA-03.1: All wireless access points used by the organisation, including those providing guest access, shall be securely configured, managed, and monitored to prevent unauthorised access and ensure network integrity.
BASIC_PR.AA-03.2: Multi-Factor Authentication (MFA) shall be required to access the organisation's networks remotely.
BASIC_PR.AA-05.1: Access permissions, rights, and authorisations shall be defined, managed, enforced and reviewed.
BASIC_PR.AA-05.2: It shall be determined who needs access to the organisation's business-critical information and technology and the means to gain access.
BASIC_PR.AA-05.3: Access rights, privileges and authorisations shall be restricted to the systems and specific information needed to perform the tasks (the principle of Least Privilege).
BASIC_PR.AA-05.4: No one shall have administrative privileges for routine day-to-day tasks.
BASIC_PR.AA-06.1: Physical access to all organisational assets, including critical zones, should be managed, monitored, and enforced based on risk.
BASIC_PR.AT-01.1: The organisation shall establish and maintain a cybersecurity awareness and training programme to ensure that all personnel understand how to perform their tasks securely and responsibly.
BASIC_PR.DS-01.9: Enterprise assets shall be disposed of safely.
BASIC_PR.DS-11.1: Backups for the organisation's business-critical data shall be performed and stored on a different system from the device on which the original data resides.
BASIC_PR.PS-04.1: Log records shall be generated and made available for continuous monitoring.
BASIC_PR.PS-05.1: Installation and execution of unauthorised software shall be prevented.
BASIC_PR.IR-01.1: Firewalls shall be installed, configured, and actively maintained on all networks used by the organisation to protect against unauthorised access and cyber threats.
BASIC_PR.IR-01.2: To safeguard critical systems, organisations shall implement network segmentation and segregation aligned with trust boundaries and asset criticality, thereby limiting threat propagation and enforcing strict access control.
PROTECT
Develop and implement appropriate safeguards to ensure delivery of critical infrastructure services.
DETECT
BASIC_DE.CM-01.1: Firewalls shall be installed and operated at the network boundaries, including endpoint firewalls.
BASIC_DE.CM-01.2: Anti-virus, -spyware, and other -malware programs shall be installed and updated.
BASIC_DE.CM-03-1: End point and network protection tools to monitor end-user behaviour for dangerous activity shall be implemented.
BASIC_DE.AE-03.1: The logging functionality of protection and detection tools shall be enabled. Logs shall be backed up and retained for a predefined period and regularly reviewed to identify unusual or potentially harmful activity.
DETECT
Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
RESPOND
BASIC_RS.MA-01.1: The incident response plan is executed in coordination with relevant third parties once an incident is declared.
BASIC_RS.CO-02.1: Internal and external stakeholders shall be notified of incidents.
RESPOND
Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
RECOVER
BASIC_RC.RP-01.1: A recovery process for disasters and information/cybersecurity incidents shall be developed and executed.
RECOVER
Develop and implement appropriate activities to maintain plans for resilience and to restore capabilities impaired by cybersecurity incidents.
GOVERNANCE
BASIC_GV.PO-01.1: Policies and procedures for managing information and cybersecurity shall be established, documented, reviewed, approved, updated when changes occur, communicated and enforced.
BASIC_GV.OC-03.1: Legal and regulatory requirements regarding information and cybersecurity shall be identified and implemented.
BASIC_GV.RM-03.1: As part of the organisation-wide risk management strategy, a comprehensive strategy to manage information and cybersecurity risks shall be developed and updated when changes occur.
BASIC_GV.RR-04.1: Personnel with access to the organisation’s most critical information or technology shall be authenticated.
GOVERNANCE
Cybersecurity framework category for governance functions and controls.