Our standards


On this page we describe how Awareways strives to be a secure provider of security awareness solutions, committed to relevant laws, regulations and quality standards.

Awareways complies with ISO 27001 and ISO 9001

Complying with these requirements means

ISO 27001

  • ISO 27001 certification successful
  • Risk and vulnerability assessment
  • Policies to maintain the level of information security
  • Back-up and recovery testing
  • Yearly pentesting

ISO 9001

  • ISO 9001 certification successful
  • processes visualized
  • Quality controls as part of the processes
  • Plan-Do-Check-Act cycle as part of the processes.
  • Yearly checks of the processes

Adapting to changes in a digital world

The world around us is constantly changing, and so is our digital environment. It is therefore important to be aware of all current laws and regulations as well as any future legislation that may be implemented.

Awareways also actively monitors vulnerabilities and trends in the cyber landscape. We do so by using the knowledge and services of the National Cyber Security Center, the Digital Trust Center and other reputable cybersecurity parties.

ISO team

The Awareways ISO team is concerned with information security within the organization. The focus is placed on the Information Security Management System (ISMS), the processes associated with it and the mitigation of risks and incidents. The subject of privacy also falls within the responsibility of the ISO team.

Everyone within the organization is kept informed by the ISO team of relevant changes and/or points of attention within these themes. Furthermore, the team takes care of the implementation of the security awareness program for our colleagues.


Awareways is ISO 27001 and ISO 9001 certified. These certifications provide insight into the information processes at Awareways, the security measures taken, how they are periodically checked through internal and external audits and quality management.

Information security

The ISO 27001 certificate demonstrates that Awareways complies with the requirements around information security. The ISMS is aimed at securing information in relation to the development, management and provision of methodologies (training, communication, measurement and tooling) for awareness, knowledge, recognition and action in risky situations regarding information and data.

Quality management

When implementing a security awareness program, certain quality standards are adhered to, which are defined in our documentation.

Awareways has the ISO 9001 certificate. The organization is pursuing a well-functioning quality management system.

The following processes will fall within the scope of this quality management system:

  • vision and planning regarding the innovation of Awareways products;
  • development and production of services that are deployed to customers;
  • rollout and service of a full security awareness program for clients/customers;
  • evaluating the fulfilment of client’s needs and wants.
Engine laptop

Software development

The development of our SaaS solutions and online products is carried out by both internal and external developers, applying the privacy-by-design and privacy-by-default principles. With our external developers, we have laid this down in a Secure Software Development policy. The SaaS solutions and online products are periodically tested by independent cybersecurity partners through pen testing. Any vulnerabilities that are identified are resolved.

Personal data and privacy

Customer information & data processing
To ensure that all customer information is secure and processed correctly, it is only stored within the European Economic Area (EEA). The hosting of all AWAREWAYS services takes place within the Netherlands using certified hosting partners. In this way, privacy is ensured and personal data is adequately protected. Furthermore, Awareways only processes data that is necessary, and this data is deleted as soon as it is no longer used.

In consultation with the client, it is agreed which data is interesting to use when deploying an intervention and whether the client wants the data to be anonymized. In doing so, Awareways has made the choice in some cases to anonymize the data by default for certain services (including our Culture Scan).

To ensure that data is also secure with Awareways suppliers and that they deliver a good product, the organization has a supplier selection procedure. Relevant documentation, certifications and legal agreements are considered. In addition, a supplier has a non-disclosure agreement with all suppliers and a processing agreement when the supplier processes personal data.

Working with Awareways

Worried that cybercriminals have a high chance of success with your employees? Concerned that they will click on a wrong e-mail in good faith, or fail to expose a social engineer? Afraid that the GDPR is not always being complied with because of limited familiarity with privacy laws?

Awareways Security Awareness Training
help make information security the new standard.

Please feel free to contact us for more information.


Euclideslaan 141 3584 BR Utrecht
+31 (0)30 227 14 67