Summary:
This article summarizes Salure’s ISO 27001 certification and the main control areas that apply to BrynQ.

BrynQ ISO 27001 certification overview
Salure, the organization behind BrynQ, operates an Information Security Management System (ISMS) certified to ISO/IEC 27001:2022.

Certificate details and scope

• Certificate number: 286788-2019-AIS-NLD-UKAS.

• First certification date: 29 August 2019.

• Current validity: 29 August 2025 – 28 August 2028.

• Scope: supporting process optimization, implementation and management of software packages, providing payroll advice and administration, and developing and delivering software and Business Intelligence services.

• BrynQ is part of this scope as one of the software and BI services of Salure.

Locations covered

• The certificate applies to Salure Holding B.V., Salure B.V. and Salure Finance B.V., all located at Gentseweg 17, 2803 PC Gouda, Netherlands.

• Together these entities handle process optimization, software implementation, payroll services, and software/BI development.

Statement of Applicability and control areas

• The Statement of Applicability lists the ISO 27001 Annex A controls that are selected and implemented.

• Important control areas include:

  • Information security policies and organization of information security.

  • Personnel security, asset management, and access control.

  • Cryptography, physical and environmental security.

  • Operations security (malware, backup, logging, change management).

  • Communications security and system acquisition, development, and maintenance.

  • Supplier relationships, incident management, and business continuity.

  • Compliance with laws and regulations, contracts, privacy, and technical standards.

• Some controls are “not applicable”, for example special secure physical areas or formal loading bays, because they do not fit Salure’s office-based operations.

How BrynQ fits into the certification

• The development, hosting, and operation of BrynQ use the same ISMS, development policy, and technical controls described in the certificate and Statement of Applicability.

• This means BrynQ benefits from documented policies, regular risk assessments, internal audits, and external certification audits.

Procedure:

1. When your organization asks for certificates, provide a copy of Salure’s ISO 27001 certificate (English or Dutch) and its location appendix.

2. Point auditors or security reviewers to the “Certificate details and scope” section so they understand which activities and entities are covered.

3. Use “Statement of Applicability and control areas” to summarize which ISO domains are implemented.

4. In your vendor register, record that BrynQ, as a software and BI service, falls under the certified ISMS.

5. If needed, request the latest Statement of Applicability from Salure for a detailed review.

Additional Information:

• The Statement of Applicability gives a reason for each control, such as laws, contracts, business requirements, or risk assessment results.