Security policies
Certified to ISO27001:2022, NRB applies rigorous information security management. We have public policies, available online, that illustrate the transparency of our commitments to data protection and regulatory compliance.
At the same time, strict internal policies, available for review during audits, govern our processes to ensure the security of sensitive information.
Public policies:
Risk management policy
NRB’s risk management policy is based on a rigorous, proactive and continuous approach, deployed at all levels of the organisation.
It enables us to:
- Identify, assess and anticipate risks that could affect the company’s performance and sustainability
- Limit their impact
- Integrate their management into strategic decision-making and daily operations

This structured and evolving framework helps to strengthen NRB’s resilience, secure its assets and create an environment conducive to innovation and sustainable growth.
Continuity policy
Our continuity policy describes the organisational framework for business continuity at NRB. It enables each employee to understand their role in maintaining critical activities in the event of a crisis.
It is based on the best practices of the ISO22301 standard and is integrated into our ISO9001 and ISO27001-certified management system.
Quality policy
Our quality policy establishes the link between NRB’s overall strategy and our Quality Management System (QMS).
It sets out the principles for ensuring reliable services that meet client expectations and are continuously improving.
Documents available:
Privacy notice
In an increasingly digital environment, NRB collects and processes certain personal data in connection with the provision of its services. Respect for privacy is a fundamental value for NRB. That is why we are committed to processing and protecting personal data in strict compliance with the applicable data protection laws, in particular the General Data Protection Regulation 2016/679 of 27 April 2016 (GDPR) and the Belgian law of 8 December 1992 on the protection of privacy with regard to the processing of personal data (LVP).
Security requirements for external consultants and subcontractors
The security requirements applicable to external consultants and subcontractors are essential to protect the critical data, systems and infrastructure of NRB and its clients.
Any external person with access to our environments must comply with the same rigorous standards as internal employees.
These requirements enable us to:
- Prevent risks associated with non-compliant behaviour
- Ensure compliance with standards such as ISO27001
- Protect confidential information in a manner equivalent to our internal standards.
Security requirements:
Requirements for performing pentests
Penetration tests (pentests) performed by our clients on environments hosted by NRB must comply with a strict framework, ensuring the security and availability of the systems.
These requirements aim to:
- Provide a framework for conducting tests to avoid any negative impact
- Ensure compliance with the applicable standards and regulations (including ISO27001)
- Enable effective and secure assessment of the level of protection.
Before any test, an authorisation form must be completed and validated by all parties.
Authorisation form: