EY CertifyPoint

Founded in 2002, EY CertifyPoint is an accredited, independent and impartial certification institute with experienced auditors all over the world, certifying some of the top international organizations.

Related topics Risk

What EY can do for you

EY CertifyPoint is responsible for decisions about the granting, maintaining, extending, restricting, postponing and withdrawing of certifications for various ISO standards and other certification frameworks. We perform the complete certification path in accordance with procedures and guidelines which are included in specific quality manuals per “type” of certification.

Moreover, as we collaborate with experienced professionals within the EY organization, we can provide clients with knowledgeable, experienced and highly qualified auditors who focus not just on compliance, but also on effectiveness. We want to help clients maximize the benefits of certification.

EY CertifyPoint also provides Lead Implementer and Lead auditor courses, including certification of personnel for several ISO standards.

All activities of EY CertifyPoint take place within the scope of the policy and procedures as stated in its quality manual.

For details of our accreditation registration (#C466), refer to www.rva.nl; and for the EY CertifyPoint certification approach and conditions, refer to this PDF.

Find out more:

  • Certification is more than just being compliant to a standard — it’s about continually improving your business to achieve operational excellence.

    EY CertifyPoint supports clients in meeting their goals by improving the efficiency and effectiveness of their management systems. We keep the business at the center, identifying areas of redundancy, bottlenecks and potential efficiency gains by means of a systematic and independent certification approach against a globally recognized standard.

    Currently we provide certification services for the following standards:

    • ISO 9001 - Quality Management System
    • ISO 14001 - Environment Management System
    • ISO/IEC 20000-1 - IT Service Management System
    • ISO 21500 - Project Management System
    • ISO 22301 - Business Continuity Management System
    • ISO/IEC 27001 - Information Security Management System
    • ISO/IEC 27017 - Cloud Security Controls
    • ISO/IEC 27018 - Protection of Personally Identifiable Information in Cloud
    • OHSAS 18001 - Occupational Health and Safety Management System
    • ISO 50001 - Energy Management
    • ISO 37001 - Anti Bribery Management System
    • ISO 45001 - Occupational Health and Safety Management System
    • World Lottery Association (WLA) assessments
    • CSA STAR certification
    • NEN 7510 - Health Information Security Management System
    • Hébergeur de Données de Santé (HDS)
    • Multi-Layer Cloud Security (MTCS - Singapore)
    • eIDAS - Trust Services and eID
    • GDPR assessment
    • Integrated approach with ISAE3402, SOC and other attestation reports
    • ISO/IEC 27701:2019 - Privacy Information Management System (Unaccredited)

    EY CertifyPoint offers:

    • A global network allowing us to perform certification by local teams in the local language
    • Efficient integrated approach for various standards (such as a combination of ISO/IEC 27001:2013 with ISAE3402, SOC and other attestation reports)
    • A broad view on risk
    • A look beyond compliance to achieve efficiency opportunities
    • Extensive knowledge and track record in conforming to globally recognized standards
    • A knowledge-sharing culture that enhances our service delivery
    • Experience of working with many of the leading global organizations
  • Ernst & Young CertifyPoint B.V. has developed a reliable and efficient methodology for the verification of annual CO2 emissions, which meets the regulatory requirements of EU ETS III. In addition, EY CertifyPoint B.V. is accredited under ISO 14065 and follows the guidelines for verifiers of the relevant local and international authorities.

    Verification involves three steps. In step one, our verifiers analyze a company’s carbon emissions monitoring plan; at this stage, we assess whether it meets regulatory requirements and identify the necessary adjustments.

    In step two, we verify the calculation of reported emissions data. Step three issues the assurance report, which gives an informed, sustained, and independent opinion regarding the company’s emissions report.

    In addition, we provide a report containing our findings and recommendations. Throughout the process, we deliver intermediary reports tailored to your needs.

    We have gained rich experience in EU ETS verifications since 2008. With our tried and tested methodology and a team bringing together technical expertise and ample verification experience, we are well-positioned to provide high-quality and value-added services.

    Strong international presence

    EY has a strong presence across the globe. Our international organization guarantees seamless teamwork between highly skilled, experienced and committed verifiers in all EU member states.

    These verifiers have valuable knowledge and experience in the field of performing annual CO2 emissions verifications in a wide variety of industries across the European Union. In other words, whether you operate in the Netherlands only or cross-border, we can assist you.

    Our accreditation

    EY CertifyPoint B.V. is accredited to issue independent assurance reports providing “reasonable assurance” on emissions within the framework of the EU ETS system. The scope of our verifications is listed in the database of accredited verifiers (accreditation registration #V105: www.rva.nl.)

  • The following EY CertifyPoint clients have successfully achieved certification:

    1. Classmethod, Inc., Tokyo, Japan
      (ISO/IEC 27017:2015) [certificate nr. 2019-036]
    2. Classmethod, Inc., Tokyo, Japan
      (ISO/IEC 27001:2013) [certificate nr. 2019-035]
    3. Classmethod, Inc., Tokyo, Japan
      (ISO/IEC 20000-1:2011) [certificate nr. 2019-034]
    4. DXC Technology, Rijswijk, The Netherlands
      (HDS (HÉBERGEURS DE DONNÉES DE SANTÉ)) [certificate nr. 2019-025]
    5. Oodrive SAS, Paris, France
      (HDS (HÉBERGEURS DE DONNÉES DE SANTÉ)) [certificate nr. 2019-024]
    6. Zivver, Amsterdam, The Netherlands
      (NEN 7510:2017) [certificate nr. 2019-023]
    7. Zivver, Amsterdam, The Netherlands
      (ISO/IEC 27001:2013) [certificate nr. 2019-022]
    8. Kronos Incorporated, Lowell, United States of America
      (ISO/IEC 27018:2014) [certificate nr. 2019-021]
    9. Kronos Incorporated, Lowell, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2019-020]
    10. Dataplanet N.V., Willemstad, Curaçao
      (ISO/IEC 27001:2013) [certificate nr. 2019-019]
    11. Visma Bluegarden A/S, Ballerup, Denmark
      (ISO/IEC 27001:2013) [certificate nr. 2019-017]
    12. Oracle Cloud Infrastructure, Seattle, Washington, United States of America
      (ISO/IEC 27018:2014) [certificate nr. 2019-016]
    13. Oracle Cloud Infrastructure, Seattle, Washington, United States of America
      (ISO/IEC 27017:2015) [certificate nr. 2019-015]
    14. iDIN B.V., Amsterdam, The Netherlands
      (Regulation (EU) No. 910/2014 (eIDAS)) [certificate nr. 2019-014]
    15. St Jude Medical - Abbott, St. Paul, MN, United States of America (HDS (HÉBERGEURS DE DONNÉES DE SANTÉ)) [certificate nr. 2019-013]
    16. iret, inc., Tokyo, Japan
      (ISO/IEC 20000-1:2011) [certificate nr. 2019-012]
    17. iret, inc., Tokyo, Japan
      (ISO/IEC 27017:2015) [certificate nr. 2019-011]
    18. iret, inc., Tokyo, Japan
      (ISO/IEC 27001:2013) [certificate nr. 2019-010]
    19. SUEZ Spain, S.L., Barcelona, Spain
      (ISO 22301:2012) [certificate nr. 2019-009]
    20. SUEZ Spain, S.L., Barcelona, Spain
      (ISO/IEC 27001:2013) [certificate nr. 2019-008]
    21. OYLO – CYBERSEC CULTURE AWARENESS, S.L., Barcelona, Spain
      (ISO 22301:2012) [certificate nr. 2019-007]
    22. OYLO – CYBERSEC CULTURE AWARENESS, S.L., Barcelona, Spain
      (ISO/IEC 27001:2013) [certificate nr. 2019-006]
    23. Visma IT and Communications AB, Oslo, Norway
      (ISO/IEC 27018:2014) [certificate nr. 2019-005]
    24. Belgian Mobile ID NV/SA, Brussels, Belgium
      (Regulation (EU) No. 910/2014 (eIDAS)) [certificate nr. 2019-004]
    25. Belgian Mobile ID NV/SA, Brussels, Belgium
      (Regulation (EU) No. 910/2014 (eIDAS)) [certificate nr. 2019-003]
    26. Pinkroccade Healthcare B.V., Apeldoorn, The Netherlands (ISO/IEC 27017:2015) [certificate nr. 2019-002]
    27. Visma IT and Communications AS, Oslo, Norway
      (ISO/IEC 27018:2014) [certificate nr. 2019-001]
    28. SoftServe Inc., Lviv, Ukraine
      (ISO/IEC 20000-1:2011) [certificate nr. 2018-024]
    29. Centric Financial Solutions and Services (FSS), Zoetermeer, The Netherlands
      (ISO/IEC 27001:2013) [certificate nr. 2018-023]
    30. Verily Life Sciences LLC, South San Francisco, California, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2018-022]
    31. Chronicle LLC, Mountain View, California, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2018-021]
    32. Xero Limited, Wellington, New Zealand
      (ISO/IEC 27001:2013) [certificate nr. 2018-020]
    33. Secure-24, Southfield, Michigan, United States of America (ISO/IEC 27018:2014) [certificate nr. 2018-019]
    34. Secure-24, Southfield, Michigan, United States of America (ISO/IEC 27017:2015) [certificate nr. 2018-018]
    35. Cegeka Group N.V., Hasselt, Belgium
      (ISO 9001:2015)[certificate nr. 2018-017]
    36. GlobalSign NV/SA, Leuven, Belgium
      (Regulation (EU) No. 910/2014 (eIDAS)) [certificate nr. 2018-016]
    37. Google Asia Pacific Pte Ltd Singapore, Singapore
      (MTCS SS 584:2015)[certificate nr. 2018-015]
    38. Google Asia Pacific Pte Ltd Singapore, Singapore
      (MTCS SS 584:2015)[certificate nr. 2018-014]
    39. Zalaris ASA, Oslo, Norway
      (ISO 9001:2015) [certificate nr. 2018-013]
    40. Atlassian Pty Ltd., Sydney, Australia
      (ISO/IEC 27001:2013) [certificate nr. 2018-012]
    41. Atlassian Pty Ltd., Sydney, Australia
      (ISO/IEC 27018:2014) [certificate nr. 2018-011]
    42. Zendesk, Inc., San Francisco, California, United States of America
      (ISO/IEC 27018:2014) [certificate nr. 2018-010]
    43. DigitalOcean, LLC, New York, New York, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2018-009]
    44. Zendesk, Inc., San Francisco, California, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2018-008]
    45. QuoVadis Trustlink BV, Nieuwegein, The Netherlands (Regulation (EU) No. 910/2014 (eIDAS)) [certificate nr. 2018-004]
    46. NEC Corporation, Kanagawa, Japan
      (ISO/IEC 20000-1:2011) [certificate nr. 2018-003]
    47. NEC Corporation, Kanagawa, Japan
      (ISO 9001:2015) [certificate nr. 2018-002]
    48. Atos SE, Bezons, France
      (ISO 14001:2015) [certificate nr. 2018-001] 
    49. Cegeka Group N.V., Hasselt Belgium
      (NEN7510:2011) [certificate nr. 2017-029]
    50. Xolphin, Heerhugowaard, The Netherlands
      (ISO 9001:2015) [certificate nr. 2017-027]
    51. Xolphin, Heerhugowaard, The Netherlands
      (ISO/IEC 27001:2013) [certificate nr. 2017-026]
    52. Secure-24,  Michigan, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2017-025]
    53. Oracle Cloud Infrastructure Services, Seattle, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2017-024]
    54. Oracle Cloud Infrastructure Edge Services,  New Hampshire, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2017-023]
    55. Workday Inc. and Workday Limited, Pleasanton, California (ISO/IEC 27017:2015) [certificate nr. 2017-022]
    56. Onduo LLC, Newton, Massachusetts, United States of America (ISO/IEC 27001:2013) [certificate nr. 2017-020]
    57. UBS Group AG, Zurich, Switzerland
      (ISO 50001:2011) [certificate nr. 2017-017]
    58. MarketAxess, New York City, NY, United States of America (ISO/IEC 27001:2013) [certificate nr. 2017-016]
    59. UBS Group AG, Zurich, Switzerland
      (ISO 14001:2015) [certificate nr. 2017-015]
    60. Aconex Limited, Melbourne, Australia
      (ISO/IEC 27001:2013) [certificate nr. 2017-014]
    61. NEC Corporation, Tokyo, Japan
      (ISO/IEC 27018:2014) [certificate nr. 2017-013]
    62. NEC Corporation, Tokyo, Japan
      (ISO/IEC 27017:2015) [certificate nr. 2017-012]
    63. Workplace by Facebook, Menlo Park, California, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2017-010]
    64. Axon Enterprise, Inc., Scottsdale, Arizona, United States of America
      (ISO/IEC 27018:2014) [certificate nr. 2017-009]
    65. Visma IT and Communications AB, Oslo, Norway
      (ISO 9001:2015) [certificate nr. 2017-008]
    66. Visma IT and Communications AB, Oslo, Norway
      (ISO/IEC 20000-1:2011) [certificate nr. 2017-007]
    67. Visma IT and Communications AB, Oslo, Norway
      (ISO/IEC 27001:2013) [certificate nr. 2017-006]
    68. Internet Initiative Japan Inc., Tokyo, Japan
      (ISO/IEC 27017:2015) [certificate nr. 2017-001]
    69. Lotteries Commission of Western Australia, Osborne Park, Australia
      (ISO/IEC 27001:2013) [certificate nr. 2016-080]
    70. Zalaris ASA, Oslo, Norway
      (ISO/IEC 27001:2013) [certificate nr. 2016-079]
    71. Hyland Software, Inc., Westlake, Ohio, USA
      (ISO/IEC 27001:2013) [certificate nr. 2016-078]
    72. Freudenberg IT, Durham and Morrsiville, NC, United States of America
      (ISO 14001:2015) [certificate nr. 2016-077]
    73. Freudenberg IT, Durham and Morrsiville, NC, USA
      (OHSAS 18001:2007) [certificate nr. 2016-076]
    74. Pinkroccade Healthcare B.V., Apeldoorn, The Netherlands
      (ISO 9001:2015) [certificate nr. 2016-075]
    75. Keylane, Utrecht, The Netherlands
      (ISO/IEC 27001:2013) [certificate nr. 2016-074]
    76. AFAS Software B.V., Leusden, The Netherlands
      (ISO 9001:2015) [certificate nr. 2016-073]
    77. Dropbox Inc., San Francisco, California, USA
      (ISO/IEC 27017:2015) [certificate nr. 2016-072]
    78. Dropbox Inc., San Francisco, California, USA
      (ISO 22301:2012) [certificate nr. 2016-071]
    79. Dropbox Inc., San Francisco, California, USA
      (CSA STAR CCM 3.0.1) [certificate nr. 2016-070]
    80. Ericsson Group, Stockholm, Sweden
      (ISO/IEC 27001:2013) [certificate nr. 2016-069]
    81. Ericsson Indonesia PT, Jakarta, Indonesia
      (ISO 9001:2015 & ISO 14001:2015 & OHSAS 18001:2007) [certificate nr. 2016-054]
    82. Ericsson Group, Stockholm, Sweden
      (ISO 9001:2015 & ISO 14001:2015 & OHSAS 18001:2007) [certificate nr. 2016-050]
    83. Visma IT and Communications AB, Oslo, Norway
      (ISO 21500:2012) [certificate nr. 2016-017]
    84. Visma IT and Communications AS, Oslo, Norway
      (ISO 21500:2012) [certificate nr. 2016-016]
    85. Ericsson Nikola Tesla d.d., Zagreb, Croatia
      (ISO/IEC 27001:2013) [certificate nr. 2016-014]
    86. Allscripts Healthcare LLC, Beer-sheva, Israel
      (ISO/IEC 27001:2013) [certificate nr. 2016-013]
    87. Pinkroccade Healthcare B.V., Apeldoorn, The Netherlands (ISO/IEC 27001:2013) [certificate nr. 2016-012]
    88. Pinkroccade Healthcare B.V., Apeldoorn, The Netherlands
      (NEN 7510:2011) [certificate nr. 2016-011]
    89. Cegeka Group N.V., Hasselt, Belgium
      (ISO/IEC 27001:2013) [certificate nr. 2016-010]
    90. Herbert Smith Freehills, London, United Kingdom
      (ISO/IEC 27001:2013) [certificate nr. 2016-009]
    91. Google Inc., San Francisco, California, United States of America (ISO/IEC 27001:2013) [certificate nr. 2016-006]
    92. Google Inc., San Francisco, California, United States of America (ISO/IEC 27018:2014) [certificate nr. 2016-005]
    93. Google Inc., San Francisco, California, United States of America (ISO/IEC 27017:2015) [certificate nr. 2016-004]
    94. AFAS Software B.V., Leusden, The Netherlands
      (ISO/IEC 27001:2013) [certificate nr. 2016-003]
    95. Pinebridge Investments Europe Limited, Dublin, Ireland
      (ISO/IEC 27001:2013) [certificate nr. 2016-002]
    96. La Française des Jeux, Boulogne-Billancourt, France
      (ISO/IEC 27001:2013) [certificate nr. 2015-023]
    97. Bank Dhofar S.A.O.G., Ruwi, Muscat, Sultanate of Oman
      (ISO/IEC 27001:2013) [certificate nr. 2015-021]
    98. Axon Enterprise, Inc., Scottsdale, Arizona, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2015-020]
    99. Visma IT and Communications AS, Oslo, Norway
      (ISO/IEC 27001:2013) [certificate nr. 2015-019]
    100. Centric The Netherlands B.V. – Centric Staffing Services, Ijsselstein, The Netherlands 
      (ISO 9001:2015) [certificate nr. 2015-018]
    101. Workday Inc. and Workday Limited, Pleasanton, California (ISO/IEC 27018:2014) [certificate nr. 2015-017]
    102. Amazon Web Services LLC, Seattle, Washington
      (ISO/IEC 27018:2014) [certificate nr. 2015-016]
    103. Amazon Web Services LLC, Seattle, Washington, United States of America
      (ISO/IEC 27017:2015) [certificate nr. 2015-015]
    104. NTT Communications ICT Solutions, Sydney, Australia
      (ISO/IEC 27001:2013) [certificate nr. 2015-013]
    105. Centric The Netherlands B.V. – Centric SMC, Gouda, The Netherlands
      (ISO 9001:2015) [certificate nr. 2015-012]
    106. Centric The Netherlands B.V. – Centric SMC, Gouda, The Netherlands
      (ISO/IEC 27001:2013) [certificate nr. 2015-011]
    107. N.V. Nederlandse Gasunie, Groningen,The Netherlands
      (ISO/IEC 27001:2013) [certificate nr. 2015-010]
    108. Klee Data Systems SA, Le Plessis Robinson, France
      (ISO/IEC 27001:2013) [certificate nr. 2015-009]
    109. Oodrive SA, Paris, France
      (ISO/IEC 27001:2013) [certificate nr. 2015-008]
    110. Thunderhead Limited, Elstree, The United Kingdom
      (ISO/IEC 27001:2013) [certificate nr. 2015-007]
    111. Mybrand, Amstelveen, The Netherlands
      (ISO/IEC 27001:2013) [certificate nr. 2015-006]
    112. Dropbox Inc., California, United States of America
      (ISO/IEC 27018:2014)[certificate nr. 2015-005]
    113. Zitcom A/S, Skanderborg, Denmark
      (ISO/IEC 27001:2013) [certificate nr. 2015-003]
    114. AT&T, Texas, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2014-018]
    115. LeaseWeb, Amsterdam, The Netherlands,
      (ISO/IEC 27001:2013) [certificate nr. 2014-016]
    116. SoftServe, Inc., Lviv, Ukraine
      (ISO/IEC 27001:2013) [certificate nr. 2014-015]
    117. Amazon Web Services, Inc., Seattle, United States of America (ISO 9001:2015) [certificate nr. 2014-014]
    118. EvoSwitch The Netherlands B.V., Haarlem, The Netherlands
      (ISO 14001:2015) [certificate nr. 2014-013] 
    119. Dropbox Inc., San Francisco, California, United States of Americ (ISO/IEC 27001:2013) [certificate nr. 2014-012]
    120. Visma IT and Communications AS, Oslo, Norway
      (ISO/IEC 20000-1:2011) [certificate nr. 2014-011]
    121. Visma IT and Communications AS, Oslo, Norway
      (ISO 9001:2015) [certificate nr. 2014-010]
    122. Centric The Netherlands B.V. - Business Unit: Centric Public Sector Solutions
      (ISO 9001:2015) [certificate nr. 2014-008] 
    123. Centric The Netherlands BV, The Netherlands
      (ISO 14001:2015) [certificate nr. 2014-007] 
    124. Centric The Netherlands BV, The Netherlands
      (ISO/IEC 27001:2013) [certificate nr. 2014-005]
    125. Ali Bin Ali, Doha, Qatar
      (ISO/IEC 27001:2013) [certificate nr. 2014-003]
    126. TMF Group Holding B.V., Amsterdam, The Netherlands
      (ISO/IEC 27001:2013) [certificate nr. 2013-020]
    127. AT&T, Texas, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2013-019]
    128. TINKConnect B.V., The Netherlands
      (ISO/IEC 27001:2013) [certificate nr. 2013-012]
    129. Centric The Netherlands BV, The Netherlands
      (ISO 9001:2015) [certificate nr. 2013-011] 
    130. Amazon Web Services, Inc., Seattle, United States of America (ISO/IEC 27001:2013) [certificate nr. 2013-009]
    131. Workday Inc., California, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2013-007]
    132. AtoS SA, Bezons, France
      (ISO/IEC 27001:2013) [certificate nr. 2013-006]
    133. AtoS SA, Bezons, France
      (ISO/IEC 20000-1:2011) [certificate nr. 2013-005]
    134. AtoS SA, Bezons, France
      (ISO 9001:2015) [certificate nr. 2013-004]
    135. Freudenberg IT, Weinheim, Germany
      (ISO/IEC 20000-1:2011) [certificate nr. 2013-003]
    136. Freudenberg IT, Weinheim, Germany
      (ISO 9001:2015) [certificate nr. 2013-002]
    137. Vermeg N.V., Tunis, Tunisia
      (ISO/IEC 27001:2013) [certificate nr. 2012-006]
    138. Freudenberg IT – Information Services KG, Weinheim, Germany (ISO/IEC 27001:2013) [certificate nr. 2012-004]
    139. Google Inc., California, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2012-001]
    140. Nationale Loterij, Brussels, Belgium
      (ISO/IEC 27001:2013) [certificate nr. 2011-005]

    *Expired Certificates:

    1. Google Inc, Mountain View, California, United States of America (ISO/IEC 27001:2013) [certificate nr. 2018-007]
    2. Google Inc, Mountain View, California, United States of America (ISO/IEC 27001:2013) [certificate nr. 2018-006]
    3. Mendix, Rotterdam, The Netherlands
      (ISO/IEC 27001:2013) [certificate nr. 2018-005]
    4. Dupont, Ashburn, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2017-028]
    5. Google Inc., San Francisco, California, United States of America (ISO/IEC 27001:2013) [certificate nr. 2017-021]
    6. Atos SE, Bezons, France
      (ISO 14001:2004) [certificate nr. 2017-019]
    7. Atos SE, Bezons, France
      (ISO 14001:2015) [certificate nr. 2017-018]
    8. Elisa Appelsiini, Helsinki, Finland
      (ISO/IEC 27001:2013) [certificate nr. 2017-011]
    9. Internedservices (IS Group B.V.), Purmerend, The Netherlands (NEN 7510:2011) [certificate nr. 2017-005]
    10. Internedservices (IS Group B.V.), Purmerend, The Netherlands (ISO/IEC 27001:2013) [certificate nr. 2017-004]
    11. Internedservices (IS Group B.V.), Purmerend, The Netherlands (ISO/IEC 20000-1:2011) [certificate nr. 2017-003]
    12. Internedservices (IS Group B.V.), Purmerend, The Netherlands (ISO 9001:2015) [certificate nr. 2017-002]
    13. ENSO Financial Analytics, New York, USA
      (ISO/IEC 27001:2013) [certificate nr. 2016-015]
    14. Google Inc., San Francisco, California, United States of America (ISO/IEC 27001:2013) [certificate nr. 2016-008]
    15. Ionic security, Inc., Atlanta, Georgia, United States of America (ISO/IEC 27018:2014) [certificate nr. 2016-007]
    16. Stichting Bureau Krediet Registratie, Tiel, The Netherlands (ISO/IEC 27001:2013) [certificate nr. 2016-001]
    17. Tabcorp Holding Ltd., Albion, Australia
      (ISO/IEC 27001:2013) [certificate nr. 2015-024]
    18. Atos IT Solutions and Services GmbH Worldline Austria GmbH, Vienna, Austria
      (ISO/IEC 14001:2004) [certificate nr. 2015-022]
    19. Atos GmbH, Meppen, Germany
      (ISO 14001:2004) [certificate nr. 2015-014]
    20. Ionic Security, Inc., Georgia, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2015-004]
    21. Rackspace US Inc., Texas, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2015-002]
    22. Dell SecureWorks, Georgia, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2015-001]
    23. Convergys Corporation, Eagan, Minnesota, United States of America
      (ISO/ IEC 27001:2013) [certificate nr. 2014-009]
    24. Atos France InforGerance
      (ISO 14001:2004) [certificate nr. 2014-006]
    25. Convergys Inc., Ohio, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2014-004]
    26. Qatar First Bank, Doha, Qatar
      (ISO/IEC 27001:2005) [certificate nr. 2014-001]
    27. ConocoPhillips, Houston, Texas, United States of America
      (ISO/ IEC 27001:2013) [certificate nr. 2013-021]
    28. Atos Sweden, Sweden
      (ISO/IEC 9001:2008) [certificate nr. 2013-018]
    29. Atos Belgium n.v./S.A., Huizingen, Belgium
      (ISO/IEC 20000-1:2011) [certificate nr. 2013-017]
    30. Atos Belgium n.v./S.A., Zaventem, Belgium
      (ISO/IEC 9001:2008) [certificate nr. 2013-016]
    31. Atos Nederland BV, Utrecht, The Netherlands
      (ISO/IEC 27001:2013) [certificate nr. 2013-015]
    32. Atos Nederland BV, Utrecht, The Netherlands
      (ISO/IEC 20000-1:2011) [certificate nr. 2013-014]
    33. Atos Nederland BV, Utrecht, The Netherlands
      (ISO/IEC 9001:2008) [certificate nr. 2013-013]
    34. Amazon Web Services LLC, Seattle, Washington, United States of America
      (ISO/IEC 27001:2013) [certificate nr. 2013-010]
    35. Google Inc., Mountain View, California, United States of America (ISO/IEC 27001:2005) [certificate nr. 2013-008]
    36. AtoS Information Technology GMBH, Essen, Germany
      (ISO 14001:2004 + Cor 1:2009) [certificate nr. 2013-001]
    37. Beheerorganisatie eHerkenning - Logius, The Hague, The Netherlands
      (ISO/IEC 27001:2013) [certificate nr. 2012-005]
    38. Masraf Al Rayan, Doha, Qatar
      (bs25999) [certificate nr. 2012-003]
    39. Bank Dhofar, Ruwi, Muscat, Sultanate of Oman
      (27001:2005) [certificate nr. 2012-002]
    40. Equifax Inc., Alpharetta, Georgia, United States of America (ISO/IEC 27001:2013) [certificate nr. 2011-007]
    41. Rackspace, US Inc., San Antonio, Texas, United States of America
      (27001:2005) [certificate nr. 2011-006]
    42. De Lotto (Stichting De Nationale Sporttotalisator), Rijswijk, The Netherlands
      (27001:2005) [certificate nr. 2011-004]
    43. TALX Corporation, a provider of Equifax Workforce Solutions (A Subsidiary of Equifax, Inc.), St. Louis, Missouri, United States of America
      (27001:2005) [certificate nr. 2011-002]
    44. LotteryWest (Lotteries Commission of Western Australia), OsbornePark, Western Australia
      (27001:2005) [certificate nr. 2011-003]
    45. Qatar First Investment Bank, Doha, Qatar
      (27001:2005) [certificate nr. 2011-001]
    46. TINKiteasy B.V., Amsterdam, The Netherlands
      (27001:2005) [certificate nr. 2010-003]
    47. Amazon Web Services LLC, Seattle, Washington, United States of America
      (27001:2005) [certificate nr. 2010-002]
    48. Workday, Inc., Pleasanton, California, United States of America (27001:2005) [certificate nr. 2010-001]
    49. SAP Business ByDesign,  Walldorf, Germany
      (27001:2005) [certificate nr. 2009-003]
    50. Bank Dhofar, Ruwi, Muscat, Sultanate of Oman
      (27001:2005) [certificate nr. 2009-002]
    51. National Paying Agency Under Ministry of Agriculture, Vilnius, Republic of Lithuania
      (27001:2005) [certificate nr. 2009-001]

    For more details regarding the above certificates, please contact EY CertifyPoint at certifypoint@nl.ey.com.

  • Appeals

    An appeal is a formal record of dissatisfaction by a client about the (process towards the) result of a certification or verification decision.

    Upon receipt of an appeal, CertifyPoint will be responsible for all decisions at all levels of the appeals-handling process. The certification/verification body shall confirm that the persons engaged in the appeals-handling process are different from those who carried out the audits and made the certification/verification decisions.

    Activities
    1. Appeals may be received by every employee, by mail, fax, e-mail or orally. Appeals are required to be submitted in writing, to the attention of the director. 
    2. Upon receipt of an appeal the management assistant will register the appeal in the Appeal register. Appeals will be supplied to the director. The director will as soon as possible (through the management assistant) send a letter or e-mail as confirmation of receipt and consideration to the appealing party. 
    3. The director will have the background and/or cause of the appeal investigated by an employee or employees who is/are independent of the case in concern (and hence have not been involved with the certification or verification audit and the decision process) Within four weeks the findings will be reported to the director. 
    4. The report will be used to develop recovering/corrective proceedings, which must include measures for recovery of certification or verification as soon as possible, prevention of repetition and the assessment of the effectiveness of the applied recovering/corrective measures. 
    5. Within four weeks after confirmation of reception, the director will send the sender a letter with the proposed solution. 
    6. In cases where application of the steps mentioned above does not lead to an acceptable solution or if the presented procedure is unacceptable for the appealing party or other parties involved, the director will report the appeal to the department of juridical matters (Juridische Zaken, or JZ). JZ acts as coordinator and composes an arbitration committee. The members of the arbitration committee will have to be accepted by both parties, by which the impartiality of the judgment can be guaranteed. The complainant formally presents his case, after which the arbitration committee will formulate a written declaration of the findings, decision, and motivation. This decision of CertifyPoint is binding for all parties. 
    7. CertifyPoint maintains files and records of all appeals related to the certification and the verification, as well as recovery actions. Among other things, this is used for analysis during management reviews.

    Complaints

    Activities
    1. Complaints may be received by every employee, by mail, fax, e-mail or orally. The employee is required to report the complaints to the management assistant. 
    2. Upon receival of a complaint the management assistant will register the complaint in the complaint register. The complaint will be supplied to the director. The director will send (through the management assistant) a letter or e-mail as confirmation of receipt and consideration to the complaining party. Upon receipt of a complaint, the director will confirm whether the complaint relates to certification or verification activities that he is responsible for and, if so, will manage it. If the complaint relates to a certified client, then examination of the complaint will consider the effectiveness of the certified management system.
    3. The director will have the background and/or cause of the complaint investigated by an employee or employees who is/are independent of the case in concern (and hence have not been involved with the certification or verification audit and the decision process). Within four weeks the findings will be reported to the director. 
    4. The report will be used to develop recovering/corrective proceedings, which must include measures for recovery of certification or verification as soon as possible, prevention of repetition and the assessment of the effectiveness of the applied recovering/corrective measures. 
    5. Within four weeks after confirmation of reception the director will send the sender a letter with the proposed solution. 
    6. In case application of the steps mentioned above does not lead to an acceptable solution or if the presented procedure is unacceptable for the appealing party or other parties involved, the complainant will be offered the possibility to initiate an appeal. 
    7. In discussion with the client involved, the complainant and CertifyPoint will be determined whether and to which degree the complaint and the selected solution will be made publicly known. 
    8. CertifyPoint maintains files and records of all appeals related to the certification and the verification, as well as recovery actions. Among other things, this is used for analysis during management reviews

    Confidentiality

    Activities
    1. EYCP is responsible for managing information obtained or created during the performance of certification activities.
    2. EYCP shall inform client of any information that it intends to put in public domain. All other information, except for information that is made publicly accessible by the client, shall be considered confidential.
    3. Except as required in ISO/IEC 17021, information about a particular certified client or individual shall not be disclosed to a third party without the written consent of the certified client or individual concerned.
    4. When required by law or authorized by contractual arrangements (such as with the accreditation body) to release confidential information, the client or individual concerned shall, unless prohibited by law, be notified of the information provided.
    5. Information about the client from sources other than the client (e.g. complaint, regulators) shall be treated as confidential.
    6. Personnel, including any committee members, contractors, personnel of external bodies or individuals acting on the EYCP's behalf, shall keep confidential all information obtained or created during the performance of the EYCP's activities except as required by law.
    7. The audit team members are required to sign a confidentiality statement before commencing the audit activities for particular client.

    Use of certification marks

    Activities
    1. The use of EY CertifyPoint's certification mark, possibly in combination with the accreditation mark of the Dutch Accreditation Council [Raad voor Accreditatie], requires the prior written permission of the Managing Director of EY CertifyPoint
    2. The certification and accreditation marks may be used in letters and other documents to the extent that such documents relate to the certified activities. The same rules apply to the use of the certification and accreditation marks in digital documents, such as websites provided it is hyperlinked to (https://www.ey.com/GL/en/Services/Specialty-Services/CertifyPoint). The logo is not be used in an individual email signature block.
    3. The certification and accreditation marks may only be used in documents in combination with the certified organization's logo and/or name. The certification and accreditation marks may not draw more attention than the organization's logo or name. The logo may not be altered in any way except for size.
    4. Certified organizations may use the certification and accreditation marks in promotional material if that material refers to at least some of the certified activities. Any misleading reference whatsoever must be avoided. Accordingly, it must be clear which activities do and which activities do not come under the scope of the Certification. Logos and marks may only be used until the certification is valid – upon suspension, expiration or withdrawal of certification, the marks/ logo may not be used in any way.
    5. Certified organizations may use the certification and accreditation marks in letters. Proposals or offer letters, etc., that do not exclusively relate to certified activities may bear the certification and accreditation marks, provided that such documents clearly show which services are certified and which are not. This also holds true for the documents dispatched together with such documents. If the certification and accreditation marks are used in a proposal or offer, etc., that relates exclusively to activities beyond the certified scope, the following sentence must be included in the document unchanged: "EY CertifyPoint's Certification does not apply to the activities specified in [this letter]." The name of the document (proposal, offer, etc.) must be stated instead of "[this letter]".
    6. The use of the certification and accreditation marks in business cards of staff of certified organizations is not permitted.
    7. To the extent applicable to system Certification, the certification and accreditation marks may not be used on products or packaging of products, or on related products.
    8. The use of the accreditation mark in reports and in Certificates of certified calibration and test laboratories and inspection institutions is excluded.
    9. EY CertifyPoint will be entitled to check the use of the certification and accreditation marks at any time against the rules laid down in this section. The certified organization must render its co-operation in such checks.
    10. The use of EY CertifyPoint's certification mark by organizations that do not have a valid EY CertifyPoint Certification qualifies as misuse. The use of the mark without permission by organizations with a valid Certification also qualifies as misuse. In the event of misuse, EY CertifyPoint will take the measures available to it, such as corrective action, revocation of the Certificate, publication of the violation or legal steps.
    11. Certified organizations may not assign, sublicense or otherwise transfer any rights to use the Logo/ marks to any third party, and acknowledge and agree that any such attempted transfer would be void and unenforceable.
    12. Upon termination of EY CertifyPoint's accreditation, the authorization to use the accreditation mark will end.
  • Learning about certification standards is the first step towards successful implementation of the related management systems and their successful integration in an organization. EY CertifyPoint delivers training courses based upon the learning needs of organizations or individuals. Participants are able to experience the real challenges and benefits of implementing and auditing management systems.

    Our trainers are highly qualified professionals who are experienced not only with auditing the certification standards listed below, but also with implementing these standards, by participating in numerous EY advisory assignments for leading international organizations. We focus on keeping the business at the centre, identifying areas of redundancy, bottlenecks and potential efficiency gains by means of a systematic and independent certification approach against recognized certification standards such as:

    • ISO 9001 - Quality Management System
    • ISO 14001 - Environment Management System
    • ISO/IEC 20000-1 - IT Service Management System
    • ISO 21500 - Project Management System
    • ISO 22301 - Business Continuity Management System
    • ISO/IEC 27001 - Information Security Management System
    • ISO/IEC 27017 - Cloud Security Controls
    • ISO/IEC 27018 - Protection of Personally Identifiable Information in Cloud
    • OHSAS 18001 - Occupational Health and Safety Management System
    • ISO 50001 - Energy Management
    • ISO 37001 - Anti Bribery Management System
    • ISO 45001 - Occupational Health and Safety Management System
    • World Lottery Association (WLA) assessments
    • CSA STAR certification
    • NEN 7510 - Health Information Security Management System
    • Hébergeur de Données de Santé (HDS)
    • Multi-Layer Cloud Security (MTCS - Singapore)
    • eIDAS - Trust Services and eID
    • GDPR assessment
    • Integrated approach with ISAE3402, SOC and other attestation reports
    • ISO/IEC 27701:2019 - Privacy Information Management System (Unaccredited)

    Learn from our professionals

    At EY CertifyPoint, we do not just provide our participants with plain knowledge on the certification standards, but also:

    • Enable our participants to experience the real challenges and benefits of auditing and implementation.
    • Provide our course participants with a wider understanding of practical challenges related to the tasks associated with the certification standards. 
    • Provide our participants with the ability to assess the underlying management system.
    • Enrich our participants’ knowledge, by exposing them to actual case studies and practical examples from previous implementations and audits of the certification Standards. 
    • Provide our participants with a helpful toolkit to support their organization with understanding and implementing the certification standards.

    Courses offered by EY CertifyPoint

    EY CertifyPoint provides four- and five-day courses for several standards. The courses are designed in order to help participants develop the essential skills to implement (and/or audit) a Management System that meets the requirements of each of the ISO standards.

    EY CertifyPoint currently offers courses for the following ISO Standards. Click on the standards for more information:

    • ISO 9001 — Quality Management Lead Implementer/Lead Auditor (4 to 5 day course)
      ISO 9001 specifies the basic requirements for a quality management system (QMS) that an organization must fulfil to demonstrate its ability to consistently provide products (which include services) that enhance customer satisfaction and meet applicable statutory and regulatory requirements. The standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement.
    • ISO 14001 — Environment Management Lead Implementer/Lead Auditor (4 to 5 day course)
      ISO 14001 sets the standards for an environmental management system that helps meet legal requirements and improve environmental performance and sustainability. It specifies the requirements related to an environmental policy (which includes a commitment to prevent pollution), planning, management review, legal compliance, training, improvement and operational controls.
    • ISO/IEC 20000 — IT Service Management Lead Implementer/Lead Auditor (4 to 5 day course)
      ISO 20000 is a standard for quality management specifically focused around IT service management. The standard specifies four key processes related to 1) service delivery — service level, availability and capacity management; 2) relationship — interfaces between the service provider and customers and suppliers; 3) resolution — prevention or resolution of incidents; and 4) controls — managing changes, assets and configurations.
    • ISO 22301 — Business Continuity Management Lead Implementer/Lead Auditor (4 to 5 day course)
      ISO 22301 is a standard that helps organizations be better prepared to handle disruptions to its business operations in order to recover from disruptive incidents when they arise. The standard specifies security requirements for disaster recovery preparedness and business continuity management systems. It specifies what is needed to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system.
    • ISO/IEC 27001 — Information Security Management Lead implementer/Lead auditor (4 to 5 day course)
      ISO 27001 is a standard that helps organizations manage the security of assets such as financial information, intellectual property, employee details or information entrusted to an organization by third parties. It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS), using a continual improvement approach. It provides the foundation for third-party audits and is meant to “harmonize” with other management standards, such as ISO 9001.
    • ISO 50001 — Energy Management Lead Implementer/Lead Auditor (4 to 5 day training)
      The ISO 50001 standard sets the requirements that help organizations design an Energy Management System by developing a policy for a more efficient use of energy, setting targets and objectives that help fulfill the policy and overall to continually improve their energy management. This standard is applicable to any organization, in any sector in a way that it makes it easy to be integrated with other management systems.

      Learning how to design, implement and audit an ISO 50001 Management System is one solution to confirm organizations’ compliance (to the EU Energy Efficiency Directive) but also to develop a framework that improves energy savings.
    • ISO 37001 — Anti-bribery Management Lead Implementer/Lead Auditor (4 to 5 day training)
      ISO 37001 is the standard that helps organizations design a series of measures for preventing, detecting and addressing bribery. These measures include adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, employee training, risk assessments and due diligence on projects and business associates, implementing financial and commercial controls, and instituting reporting and investigation procedures. This standard is applicable to any organization from any sector (either public, or private), in a way that it makes it easy to be integrated with other management systems. It can be adapted to the size and nature of each organization and to the bribery risk it faces.

      Through this training you will have a chance to learn how to design, implement and audit an ISO 37001 Management System to help reduce the risk of bribery, as well as learning how to address bribery where it does occur.
    • ISO/IEC 27017 — Information technology — Security techniques (Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors) Lead Implementer/Lead Auditor (2 to 4 day training)*
      The ISO 27017 Standard gives guidelines for information security controls applicable to the provision and use of cloud services by providing implementation guidance for relevant ISO/IEC 27002 controls and additional controls specifically related to cloud services. This ISO Standard provides controls and implementation guidance applicable to both cloud service providers and cloud service customers.

      Note: a good understanding of Information Security Management System based on ISO27001 standard is required for a stand-alone course on this topic
    • ISO/IEC 27018 — Information technology — Security techniques (Code of practice for information security controls based on ISO/IEC 27002 for cloud services) Lead Implementer/Lead Auditor (2 to 4 day training)*
      ISO/IEC 27018 supports organizations with defining objectives, procedures, controls and guidelines for measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles of ISO/IEC 29100 for the public cloud computing environment.
      This standard specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a public cloud service provider.
      ISO/IEC 27018 is applicable to any organization from any sector (either public, or private), which provides information processing services as PII processor via cloud computing under contract to other organizations.
    • SS 584:2015+C1:2016 — Specification for multi-tiered cloud computing security (MTCS) Lead Implementer/Lead Auditor (2 to 4 day training)*
      The Singapore Standard SS 584: 2015 Specification for multi-tiered cloud computing security, commonly known as MTCS, is the world’s first cloud security standard that covers multiple tiers of cloud security developed under the Information Technology Standards Committee (ITSC) for Cloud Service Providers (CSPs) in Singapore. The standard builds on recognized international standard, such as ISO 27001, with the added enhancement to provide Cloud Service Users with a mechanism to benchmark and tier the capabilities of Cloud Service Providers against a set of minimum baseline security requirements. This benefits the Cloud Service Users by providing assurance to the users that the provider meets accepted minimum baseline security requirements for each tier. Cloud Service Providers benefit from having a mechanism to demonstrate the security of their offerings.
    • ISO 45001 — Occupational Health and Safety Management Lead Implementer/Lead Auditor (4 to 5 day training)
      The ISO 45001 standard, Occupational health and safety management systems – Requirements with guidance for use, is the world’s first International Standard for occupational health and safety (OH&S). It provides a framework to increase safety, reduce workplace risks and enhance health and well-being at work, enabling an organization to proactively improve its OH&S performance. ISO 45001 enables organizations to put in place an occupational health and safety (OH&S) management system. This will help them manage their OH&S risks and improve their OH&S performance by developing and implementing effective policies and objectives.

    *Note: a good understanding of Information Security Management System based on ISO27001 standard is required for a stand-alone course on this topic.

    Note: The ISO 27017, ISO 27018 and MTCS trainings can be combined in a 4 to 5 day training event.

Training calendar 2019

 

Contact us

E-Mail: certifypoint@nl.ey.com
VAT number: NL8113.07.335.B.01
Chamber of Commerce number: 24341681

Contact us

Like what you’ve seen? Get in touch to learn more.