Vault restructure

Corpus/Standards/other/CyFun certification in Belgium.md

@@ -0,0 +1,77 @@
+# CyFun certification in Belgium
+
+In Belgium, an organization can get certified for the CyberFundamentals-raamwerk (CyFun®) from the Centre for Cybersecurity Belgium (CCB).
+## Certification Process for CyFun®
+
+- **Framework and Authority**: The CyFun® framework is developed and maintained by the CCB, which is designated as Belgium’s National Cybersecurity Certification Authority (NCCA)[^5].
+- **Certification Levels**: The CyFun® framework is structured around several assurance levels (Small, Basic, Important, Essential) that correspond to the organization’s size and risk profile[^1][^5].
+- **Conformity Assessment**: Certification is achieved through a conformity assessment performed by an external, independent, and accredited Conformity Assessment Body (CAB). These CABs must be accredited by BELAC, the Belgian national accreditation body, and authorized by the CCB[^4][^5].
+- **Certification Steps**:
+	- Self-evaluation using the CyFun® self-assessment tool.
+	- Internal implementation and documentation of required measures.
+	- External audit and verification by an accredited CAB.
+	- If compliant, the organization receives an official CyFun® label or certificate[^1][^4][^5].
+- **Legal and Regulatory Context**: Certification for CyFun® is recognized as a way to demonstrate compliance with the NIS2 directive in Belgium. For some organizations, this certification may be voluntary, while for others (especially those in critical sectors), it may be required by law[^1][^5][^6].
+- **Recognition and Assurance**: The certification scheme is validated by BELAC, ensuring that the process is credible and recognized nationally. The CyFun® certificate provides evidence of an organization’s cybersecurity posture to customers, suppliers, regulators, and insurers[^4][^5].
+
+
+**Summary Table**
+
+| Step            | Description                                                 |
+| :-------------- | :---------------------------------------------------------- |
+| Self-assessment | Organization evaluates itself against CyFun® requirements   |
+| Implementation  | Measures are implemented and documented                     |
+| External audit  | Accredited CAB performs independent verification            |
+| Certification   | Organization receives CyFun® certificate/label if compliant |
+
+**In summary:** Organizations in Belgium can obtain official certification for the CyFun® framework through an accredited audit process, providing recognized proof of their cybersecurity measures and compliance with Belgian and EU regulations[^1][^4][^5][^6].
+
+## ISO 27001 certification as proof of compliance
+
+ISO 27001 certification is accepted as proof of compliance with the CyberFundamentals-raamwerk (CyFun®) in Belgium, but with important nuances:
+
+- **Equivalence for NIS2 Compliance**: Organizations falling under the 'Essential' assurance level of the NIS2 directive can choose either ISO 27001 certification or CyFun® certification to demonstrate compliance[^3][^5]. Both are recognized paths for meeting regulatory requirements in Belgium.
+- **Certification Process**: For CyFun®, organizations undergo a specific process involving self-assessment, implementation, and external verification by an authorized Conformity Assessment Body (CAB) accredited by the CCB[^3][^4]. For ISO 27001, certification must also be performed by an accredited CAB with the appropriate scope and statement of applicability[^5].
+- **Scope Alignment Required**: If your organization already holds ISO 27001 certification, you can use it to "fast-track" CyFun® certification by aligning the scope of your ISO 27001 Information Security Management System (ISMS) with CyFun® requirements[^1]. However, this may require mapping your existing controls and documentation to the additional or specific requirements of CyFun®.
+- **Additional Guidance**: While ISO 27001 and CyFun® share many foundational elements, CyFun® includes extra guidance, requirements, and assessment methodologies beyond ISO 27001[^1][^2]. Therefore, holding ISO 27001 certification does not automatically grant CyFun® certification, but it is a strong basis and may significantly reduce the effort required for CyFun® compliance.
+- **Official Recognition**: Both ISO 27001 and CyFun® certifications are officially recognized by Belgian authorities for demonstrating NIS2 compliance, provided the certification is issued by an authorized CAB[^5].
+
+**In summary:** ISO 27001 certification is accepted as proof of CyFun® compliance for regulatory purposes in Belgium, especially for organizations subject to NIS2. However, you may need to ensure your ISO 27001 scope and controls fully cover CyFun® requirements, and certification must be performed by an appropriately accredited CAB[^1][^3][^5].
+  
+---
+
+[^1]: https://codific.com/what-is-cyfun-and-how-to-implement-it/
+[^2]: https://assets.kpmg.com/content/dam/kpmg/be/pdf/2024/NIS2-EVENT-15-05-2024-05-15.pdf
+[^3]: https://qfor.org/nl/cyfun-cyberfundamentals-framework/
+[^4]: https://www.beltug.be/nis2-where-to-begin-the-cyfun-basic-key-measures-are-a-good-starting-point/
+[^5]: https://higherlogicdownload.s3.amazonaws.com/ISACA/1466d1d1-d2d8-471d-a649-d456b914f0c6/UploadedImages/NIS2_CyFun_ISACA_BELGIUM20240904.pdf
+[^6]: https://www.axsguard.com/en_US/blog/our-company-8/new-milestone-axs-guard-achieves-iso-27001-certification-283
+[^7]: http://atwork.safeonweb.be/cyberfundamentals-frequently-asked-questions-faq
+[^8]: http://ccb.belgium.be/ncca
+[^9]: https://atwork.safeonweb.be/sites/default/files/2023-12/CAS CyFun Version 20 November 2023.pdf
+[^10]: https://nl.linkedin.com/pulse/het-cyberfundamentals-framework-renco-schoemaker-3vgye
+
+---  
+
+[^1]: https://qfor.org/nl/cyfun-cyberfundamentals-framework/
+[^2]: https://www.dnv.be/nieuws/cyberfundamentals-certificering-in-ontwikkeling-bij-DNV/
+[^3]: https://ccb.belgium.be/en/certification-service-ccb-certification
+[^4]: https://financialforum.be/en/bfw-digitaal/cyberfundamentals-a-tool-to-reduce-the-cyber-protection-gap
+[^5]: https://atwork.safeonweb.be/sites/default/files/2023-12/CAS CyFun Version 20 November 2023.pdf
+[^6]: https://cyen.eu/index.php/2024/07/08/nis2-in-belgium/
+[^7]: https://www.agoria.be/nl/diensten/expertise/digitalisering/cybersecurity/ccb-cyberfundamentals-framework-een-effectieve-methode-om-de-weerbaarheid-van-uw-organisatie-tegen-cyberdreigingen-te-vergroten
+[^8]: https://codific.com/what-is-cyfun-and-how-to-implement-it/
+[^9]: https://www.beltug.be/nis2-where-to-begin-the-cyfun-basic-key-measures-are-a-good-starting-point/
+[^10]: https://practiceguides.chambers.com/practice-guides/cybersecurity-2025/belgium/trends-and-developments/O20293
+[^11]: https://www.dnv.be/services/cyberfundamentals/
+[^12]: https://atwork.safeonweb.be/tools-resources/cyberfundamentals-framework
+[^13]: http://ccb.belgium.be/nl/ncca
+[^14]: http://atwork.safeonweb.be/nl/tools-resources/cyberfundamentals-framework
+[^15]: https://www.ncsc.nl/binaries/ncsc/documenten/publicaties/2025/april/10/risicomanagementraamwerken/Risicomanagementraamwerken_NL_042025.pdf
+[^16]: https://ccb.belgium.be/sites/default/files/NIS2 FAQ Website v1.0 NL.pdf
+[^17]: http://ccb.belgium.be/ncca
+[^18]: https://www.brainframe.com/cyberfundamentals
+[^19]: https://www.agoria.be/nl/diensten/expertise/digitalisering/cybersecurity/ccb-cyberfundamentals-framework-aantoonbare-cyberveiligheid-voor-uw-klanten-en-partners
+[^20]: https://www.cyberday.ai/blog/what-is-cyberfundamentals
+[^21]: https://annacon.be/wp-content/uploads/2023/11/ANNACON-0x7E7-Johan-Decock.pdf
+