+31 (0)73 220 2000 | info@brandcompliance.com
English
  • Dutch
  • English
  • French
  • Français
  • België
  • Dutch
  • English
  • French
  • Français
  • België
Brand Compliance
  • Certify
    • ISO 9001
    • ISO 22301 (BCM)
    • ISO 19770-1 (IT-assets)
    • ISO 27001
    • ISO 27017 and ISO 27018
    • BIO
    • ISO 27701 (Privacy)
    • NEN 7510
  • IT Assurance
    • SOC 2
  • Vacancies
  • Knowledge base
  • BC Academy
Discuss your situation
  • Information security
    • ISO 27001
    • NEN 7510
    • CyFun
      • CyFun verification
      • Request CyFun verification
    • ISO 27799
    • ISO 27017 and ISO 27018
    • BIO
    • ISO 19770-1
  • Privacy
    • BC 5701
    • ISO 27701
    • GDPR standard BC 5701:2024 EN
  • IT assurance
    • SOC 2
    • ISAE 3402
    • ISAE 3000
  • Quality & continuity
    • ISO 9001
    • ISO 14001
    • ISO 22301
  • Knowledge & news
    • Knowledge articles
    • News
  • Academy
    • All training courses
    • NIS2 & CyFun
    • ISO 27001
  • About us
    • Accreditations
    • Careers
    • Compliment, complaint or tip
    • Locations
    • Privacy Statement
    • Contact

Preparing for certification

6
  • Certification checklist: how to prepare for certification
  • Do you have your first certification audit soon?
  • The certification process step by step
  • How long does ISO certification take?
  • How to conduct an internal audit
  • Describing the scope of certification: tips and examples

Audit process & certification cycle

7
  • Initial audit Stage 1
  • Initial audit Stage 2
  • What is a certification cycle?
  • Nonconformities within the management system
  • What should you know about certificate suspension or revocation?
  • Transfer of certification
  • The use of certification logos

Management systems & key concepts

6
  • Whitepaper management system audits
  • Quality Management: best practices for success
  • The Brand Compliance glossary
  • What is a management system?
  • Internal or external audit?
  • Accreditation versus certification

Information security

3
  • Excelling in information security: best practices
  • Operational Capabilities: The Backbone of Information Security
  • The Traffic Light Protocol (TLP): what does it mean for you?

NEN 7510 & healthcare

4
  • Transition to NEN 7510-1:2024
  • NEN 7510 without healthcare institution?
  • How to expand with NEN 7510
  • The differences between ISO 27001 and NEN 7510

NIS2 & CyberFundamentals

5
  • ISO 27001 in a NIS2 context in Belgium
  • CyberFundamentals 2025: transition from CyFun 2023 to 2025
  • Self-assessment & CyFun verification: best chance of success
  • NIS2 liability for board members
  • CyberFundamentals Framework in Belgium: what is the relationship with NIS2?

Privacy & data protection

8
  • Transition to ISO/IEC 27701:2025
  • GDPR compliance best practices
  • Data breach: What is it and how do you prevent it?
  • Your Data Protection Officer and the GDPR
  • Your record of processing activities and the GDPR
  • Checklist for your BC 5701 certification
  • BC 5701 certification: where do you start?

Assurance audits

1
  • ISAE 3402 vs SOC 2: what is the difference?
View Categories

CyberFundamentals 2025: transition from CyFun 2023 to 2025

Transition from CyberFundamentals 2023 to CyberFundamentals 2025CyberFundamentals 2025 is the revised version of CyberFundamentals 2023. This update aligns more closely with international standards, current cyber threats and the Belgian context surrounding NIS2.

There is no need to switch immediately. A transition period applies during which CyFun 2023 and CyFun 2025 remain available in parallel. However, it is advisable to assess in good time what the changes mean for your organisation, documentation, planning and any verification or certification process.

Transition period from CyberFundamentals 2023 to 2025 #

During the transition period, both CyberFundamentals 2023 and CyberFundamentals 2025 can be used. Until 18 April 2027, you may choose verification or certification based on CyFun 2023 or CyFun 2025.

Certificates and verification statements based on CyFun 2023 remain valid until 18 April 2028 at the latest. After that date, only CyFun 2025 will be accepted.

Key changes in CyFun 2025 #

CyberFundamentals 2025 includes substantive and editorial improvements. The main changes are:

  • Stronger alignment with international standards and legislation: CyFun 2025 aligns more closely with NIST Cybersecurity Framework 2.0 and the European NIS2 Directive.
  • Expansion and clarification of controls: the controls and guidance have been revised and formulated more clearly.
  • More focus on supply chain security and OT security: the new version explicitly addresses the security of the supply chain and operational technology.
  • Incorporation of user feedback: feedback from practice has been used to make the framework clearer and more practical.
  • Introduction of Governance Measures: new in CyFun 2025 are Governance Measures, aimed at strengthening cybersecurity governance at board level.
  • More extensive guidance and interpretation: the guidance has been expanded so that organisations can better determine what is expected of them.
  • Improved structure and readability: editorial, grammatical and structural improvements have also been made.

What does this mean for your organisation? #

Is your organisation already working with CyFun 2023, or are you preparing for a verification or certification process? Then it is advisable to assess in good time which version best fits your planning, documentation and cybersecurity approach.

It is important not only to consider the validity of existing processes, but also the impact of the new requirements. This includes governance, supply chain security, OT security and the way controls are documented.

Would you like to understand how CyFun is used in the Belgian NIS2 context? Read the article about the CyberFundamentals Framework in Belgium.

CyFun 2025 and NIS2 #

In Belgium, CyFun can play a role in demonstrating a presumption of conformity with NIS2 legislation. This does not mean that an organisation automatically demonstrates such a presumption. The correct wording, interpretation and assessment remain important.

Organisations preparing for CyFun can also use a CyFun verification. This provides insight into the extent to which your organisation aligns with the relevant requirements within the CyberFundamentals Framework.

Does your organisation already have ISO 27001 certification, or are you considering this route? Read the article about ISO 27001 in a NIS2 context in Belgium.

Preparing for CyFun verification #

The transition to CyFun 2025 requires a timely assessment of the differences between the old and new version. Consider, among other things:

  • the version your organisation is currently preparing for;
  • the desired date for verification or certification;
  • the impact of new or changed controls;
  • the documentation that may need to be updated;
  • the extent to which governance, supply chain security and OT security have already been implemented.

Would you like to know what CyFun verification involves? View the page about CyFun verification.

FAQ about the transition from CyFun 2023 to 2025 #

Do you need to switch to CyberFundamentals 2025 immediately? #

No. During the transition period, you may still choose between CyFun 2023 and CyFun 2025. This transition period runs until 18 April 2027.

Until when will certificates and verification statements based on CyFun 2023 remain valid? #

Certificates and verification statements based on CyFun 2023 remain valid until 18 April 2028 at the latest.

What changes in CyberFundamentals 2025? #

CyberFundamentals 2025 aligns more closely with NIST Cybersecurity Framework 2.0 and NIS2, places more emphasis on supply chain security and OT security, introduces Governance Measures and provides more extensive guidance for interpretation and implementation.

Does CyFun 2025 automatically provide a presumption of conformity with NIS2 legislation? #

No. In the Belgian context, CyFun can play a role in determining a presumption of conformity with NIS2 legislation. This requires careful assessment and wording.

Which version is the best fit for your organisation? #

This depends on your planning, the status of your documentation, the desired timing of verification or certification and the impact of the changes in CyFun 2025.

Questions about your situation? #

Do you have questions about the impact of CyberFundamentals 2025 on your organisation, verification or certification? Request a CyFun verification or contact us via +32 14 48 0730 or info@brandcompliance.com.

Share This Article :

  • Facebook
  • X
  • LinkedIn
Updated on 6 July 2026
ISO 27001 in a NIS2 context in BelgiumSelf-assessment & CyFun verification: best chance of success
Contents
  • Transition period from CyberFundamentals 2023 to 2025
  • Key changes in CyFun 2025
  • What does this mean for your organisation?
  • CyFun 2025 and NIS2
  • Preparing for CyFun verification
  • FAQ about the transition from CyFun 2023 to 2025
    • Do you need to switch to CyberFundamentals 2025 immediately?
    • Until when will certificates and verification statements based on CyFun 2023 remain valid?
    • What changes in CyberFundamentals 2025?
    • Does CyFun 2025 automatically provide a presumption of conformity with NIS2 legislation?
    • Which version is the best fit for your organisation?
  • Questions about your situation?

Accreditation

RvA C548Brand Compliance B.V. has accreditation (C548) to certify ISO 27001, ISO 27701 NEN 7510 and ISO 9001 technical area 33 information technology and 35 other services.

View our accreditations

Contact

Have a question about certification, verification or assurance?

info@brandcompliance.com
+31 (0)73 220 2000

Prefer local contact details?
View our locations

Our locations

‘s-Hertogenbosch, The Netherlands

Antwerp, Belgium

Ottignies-Louvain-la-Neuve, Belgium

Stockholm, Sweden

Dublin, Ireland

Luxembourg, coming soon

Practical information

Privacy statement

Terms and conditions

Company details

Feedback and complaints

 

© Copyright 2026 Brand Compliance
Thank you for your rating!
Thank you for your rating and comment!
This page was translated from: Dutch
Please rate this translation:
Your rating:
Change
Please give some examples of errors and how would you improve them: