By Mikkel Hald, 19/08/25
Summer is peak season for audits at WAYF, with an external NSIS review in May and an ISO 27001 audit in June or August. Later in the summer, it is time for our internal GDPR compliance review.
This year’s external ISO audit was conducted on August 11–13 by DNV. It was a comprehensive, full-scale review – a so-called re-certification audit – where every aspect must be assessed from the ground up. Although extensive, the process was valuable, as it once again confirmed that WAYF effectively manages its risks and countermeasures through well-defined and consistently applied procedures. The audit result was excellent, with no non-conformances or observations.
WAYF was first certified under ISO 27001 in 2021 and has maintained the certification ever since. At the time, it was an extension of the certification already held by the DeiC Research Network for its hosting service. Since then, more parts of the organisation have been included: first DKCERT in 2024, and this year all 350 locations nationwide that contribute to the operation of the Research Network itself.