Verify any claim · lenz.io
Claim analyzed
Tech“Zenya (Infoland) holds ISO 9001 and ISO/IEC 27001 certifications that are audited by DNV GL.”
Submitted by Daring Wolf 0065
The conclusion
Available evidence clearly supports Zenya's ISO/IEC 27001 certification under DNV. The ISO 9001 portion is plausible and repeatedly stated by Zenya, including references to DNV GL verification, but the provided record does not include a matching DNV-issued ISO 9001 certificate. So the overall claim is largely accurate, but not equally substantiated in both parts.
Caveats
- The ISO/IEC 27001 part is backed by DNV-issued certificates; the ISO 9001 part is supported only by Zenya's own public statements in the provided evidence.
- The claim presents both certifications with equal certainty even though the evidentiary strength is different for each one.
- “DNV GL” is the organization's former name; current certificates and branding use “DNV.”
Get notified if new evidence updates this analysis
Create a free account to track this claim.
Sources
Sources used in the analysis
This is to certify that the management system of Infoland B.V. h.o.d.n. Zenya, HTC 91, 5656 AG Eindhoven, Netherlands has been found to conform to the Information Security Management System standard: ISO/IEC 27001:2022. Valid: 19 March 2025 – 18 March 2028. For the issuing office: Barendrecht, 27 January 2026. DNV – Business Assurance… ACCREDITED UNIT: DNV Business Assurance B.V., Zwolseweg 1, 2994 LB, Barendrecht, Netherlands.
MANAGEMENT SYSTEM CERTIFICATE. Certificate no.: 204638-2016-AIS-NLD-UKAS. Initial certification date: 13 February 2017. Valid: 19 March 2025 – 18 March 2028. This is to certify that the management system of Infoland B.V. h.o.d.n. Zenya… has been found to conform to the Information Security Management System standard: ISO/IEC 27001:2022. For the issuing office: London, 25 January 2025. DNV – Business Assurance… ACCREDITED UNIT: DNV Business Assurance UK Limited.
ISO/IEC 27001 Certification: Information Security Management System. Strengthen resilience and protect against cyber- and security attacks and proactively manage risks. DNV is an accredited third-party certification body and offers certification services for ISO/IEC 27001 and related information security standards.
DNV explains what ISO 9001 certification entails: "**ISO 9001 is an internationally recognised standard for quality management systems (QMS).** It defines the requirements an organisation should follow to consistently deliver products and services that meet customer and regulatory requirements, while continually improving its processes." It further states: "**ISO 9001 certification is a formal, independent confirmation that an organisation’s quality management system (QMS) meets the requirements of the ISO 9001 standard. It is granted by an accredited certification body following an audit** and demonstrates that the organisation has effective processes in place."
DNV describes ISO/IEC 27001 certification: "The **ISO/IEC 27001 certification** is the most recognized international standard for information security management systems, applicable to any organization, regardless of size, industry or geographical location." It notes: "**Certification to ISO/IEC 27001 by an independent third-party like DNV demonstrates the organization’s security management system meets the standard and that you can systematically protect information and manage security risks.**" It also explains that to achieve certification an organization must implement an ISMS and then "**undergo an independent third-party audit for verification of conformity**."
ISO/IEC 27001 is the internationally recognized standard for information security management systems (ISMS). DNV is an accredited third-party certification body and can provide training, gap analysis and accredited certification to ISO/IEC 27001 for organizations that meet the requirements.
ISO/IEC 27001:2022 specifies requirements for establishing, implementing, maintaining and continually improving an information security management system. Organizations that meet these requirements can be certified by accredited certification bodies.
ISO explains that ISO 9001 is a quality management standard and that organizations may seek certification from external certification bodies. This provides background on what an ISO 9001 certification means, but it does not address Zenya or DNV GL specifically.
ISO describes ISO/IEC 27001 as the international standard for information security management systems and notes that organizations can be certified against it. This is relevant context only; it does not verify Zenya’s certification status or auditor.
ISO 9001:2015 specifies requirements for a quality management system when an organization needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements. Organizations may be certified to ISO 9001 by accredited certification bodies.
DNV publishes news about certification and assurance work across industries. While this page does not mention Zenya directly, it is the authoritative publisher to check for any statement about auditing or certifying Infoland/Zenya.
In the section describing its compliance, Zenya states: "To keep us sharp and demonstrate our quality, **we are ISO 9001 and ISO 27001 certified**. Moreover, **we have our operational quality, processes and control measures verified annually by DNV GL**." This is presented as a general statement about the company and its software suite.
On the English product suite page, Zenya states: "Logo - Zenya AUDIT ... ISO 9001 and ISO 27001 certified. Moreover, we have our operational quality, processes and control measures verified annually by DNV GL." This indicates that Zenya is certified to ISO 9001 and ISO/IEC 27001 and that DNV GL performs annual verification audits of its quality, processes and control measures.
Infoland (Zenya’s parent company) writes in this white paper: "We aim for top quality. To keep us sharp and make our quality demonstrable, **we are ISO 9001 and ISO 27001 certified**. In addition, **we have our operational quality, processes and control measures verified annually by DNV GL**." The document links this statement to the company’s SaaS offering.
DNV describes its role as a certification body: "DNV is an accredited third-party certification body and can provide training, gap analysis and certification services for your information security management system in accordance with ISO/IEC 27001." While this article does not mention Zenya or Infoland, it confirms that DNV (formerly DNV GL) acts as a certification body for ISO 27001 audits and certification.
DNV describes its ISO 27001 training: "ISO 27001 Foundation & Lead Auditor 3-day training course that clarifies requirements of [the] Information Security standard." While this demonstrates DNV’s expertise and role in auditing ISO 27001 systems through training auditors, it does not supply any information about Zenya or Infoland’s specific certifications.
Infoblox is proud to announce a significant milestone in our ongoing commitment to data security: We have officially achieved ISO/IEC 27001:2022 certification. ISO/IEC 27001:2022 specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS.
The main Infoland page introduces Zenya as its software brand: "Discover Zenya – the software company which uses smart technology to enable professionals and organisations to excel." It also notes: "Starting today, you can find all about our smart software solutions at **zenya-software.com**." This page establishes the relationship between Infoland and Zenya but does not itself mention ISO 9001 or ISO 27001.
This is to certify that the management system of Siemens Mobility GmbH, Customer Services… has been found to conform to the Information Security Management System standard: ISO/IEC 27001:2013. MANAGEMENT SYSTEM CERTIFICATE. Certificate No: 216190-2017-AIS-GER-UKAS… ACCREDITED UNIT: DNV GL Business Assurance UK Limited.
This one-hour course provides employees with an understanding of the ISO/IEC 27001 management system, its impact on information security, risk management, and compliance. The course is designed for organizations that have implemented or are planning to implement an ISO/IEC 27001-certified information security management system.
This consulting page explains DNV’s role with ISO 9001 and hospital accreditation: "DNV NIAHO (National Integrated Accreditation for Healthcare Organizations) is a CMS-deemed hospital accreditation program administered by DNV Healthcare USA." It adds: "**DNV is the only hospital accrediting body that embeds ISO 9001 Quality Management System (QMS) compliance into its accreditation standards.**" The page describes DNV as a certification and accreditation body, but does not mention Zenya or Infoland.
ComplyAssistant describes DNV GL’s role: "DNV GL’s accreditation program – called NIAHO® – integrates requirements from CMS Conditions of Participation and the ISO 9001 Standard." It adds that the platform supports management of DNV standards compliance, but this page focuses on healthcare accreditation (NIAHO) and ISO 9001 and does not mention Zenya or Infoland.
Acellera has received ISO 27001 certification from DNV, affirming its information security management system (ISMS) meets international standards. The certification demonstrates that Acellera complies with the requirements of ISO/IEC 27001 for information security management.
Infoland’s Dutch-language company profile notes (translated): "Infoland works according to internationally recognised standards for quality management and information security." It refers to ISO certifications in general terms but on this page does not explicitly enumerate ISO 9001 or ISO 27001 or name DNV GL as the certifying body.
ISO 27001 is an international standard that defines the requirements for an information security management system (ISMS). Companies certified to ISO 27001 undergo audits by accredited certification bodies to prove conformity with the standard and maintain their certification over time.
Software vendors that comply with ISO/IEC 27001 for information security management often also pursue ISO 9001 certification for quality management, and both certifications are commonly issued and audited by the same accredited body (such as DNV or DNV GL). However, the existence of one certificate (e.g., ISO/IEC 27001) does not by itself prove that the same organization also holds ISO 9001; each certification must be evidenced by its own certificate.
What do you think of the claim?
Your challenge will appear immediately.
Challenge submitted!
Continue your research
Verify a related claim next.
Expert review
3 specialized AI experts evaluated the evidence and arguments.
Expert 1 — The Logic Examiner
Sources 1 and 2 are actual DNV-issued management system certificates directly naming Infoland B.V. h.o.d.n. Zenya and confirming ISO/IEC 27001:2022 certification — this directly and logically proves the ISO 27001 + DNV auditor portion of the claim. For ISO 9001, the evidence chain relies on Zenya's own consistent, repeated disclosures across multiple pages and a white paper (Sources 12, 13, 14) stating it holds both ISO 9001 and ISO 27001 certifications verified annually by DNV GL; while no independent ISO 9001 certificate document appears in the evidence pool, the Opponent's argument that self-attestation is categorically insufficient commits a false equivalence — corporate compliance disclosures are not mere marketing puffery and carry legal/reputational accountability, and Source 26 only cautions against inferring ISO 9001 from ISO 27001 alone, not against crediting direct company attestations. The logical chain is: (a) ISO 27001 + DNV is proven by direct documentary evidence; (b) ISO 9001 + DNV GL is supported by consistent, specific, on-the-record company disclosures that go beyond mere inference from the ISO 27001 certificate, making the overall claim mostly true with a minor inferential gap on the ISO 9001 certificate documentation.
Expert 2 — The Context Analyst
The claim has two components: (1) ISO/IEC 27001 certification audited by DNV GL, and (2) ISO 9001 certification audited by DNV GL. The first component is strongly supported by two actual DNV-issued certificate documents (Sources 1 and 2) confirming Zenya/Infoland holds ISO/IEC 27001:2022 certification from DNV Business Assurance. The second component — ISO 9001 — is supported only by Zenya's own marketing statements (Sources 12, 13, 14) and a 2021 white paper, with no independent DNV-issued ISO 9001 certificate document present in the evidence pool. Source 26 explicitly cautions that one certification cannot be inferred from another. The claim presents both certifications as equally established facts, but the ISO 9001 component lacks the same level of independent documentary verification as the ISO 27001 component. However, Zenya's consistent, repeated, on-the-record statements across multiple pages and documents that it holds ISO 9001 certification verified by DNV GL are not mere inference — they are direct attestations, and there is no contradicting evidence suggesting the claim is false. The framing issue is that the claim presents both certifications with equal certainty when the evidentiary basis differs: ISO 27001 is proven by primary documents, while ISO 9001 relies on self-attestation. This makes the claim mostly true but with a notable evidentiary asymmetry that slightly undermines completeness.
Expert 3 — The Source Auditor
Sources 1 and 2 are high-authority, primary documentary evidence — actual DNV-issued management system certificates naming Infoland B.V. h.o.d.n. Zenya and confirming ISO/IEC 27001:2022 conformity, valid through March 2028, issued by DNV Business Assurance units. These are unambiguous and independently authoritative. However, no equivalent DNV-issued ISO 9001 certificate for Zenya/Infoland appears anywhere in the evidence pool; the ISO 9001 claim rests solely on Zenya's own marketing pages and a white paper (Sources 12, 13, 14), which are self-promotional and carry a conflict of interest as the subject of the claim. Source 26 (LLM Background Knowledge) explicitly cautions that one certificate's existence cannot prove the other, and while it is the weakest source type, the logical point it raises is sound and uncontested by independent documentary evidence. The ISO/IEC 27001 certification audited by DNV is conclusively proven by high-authority primary documents; the ISO 9001 certification audited by DNV GL is only supported by the company's own unverified assertions, making the combined claim partially but not fully substantiated by reliable independent sources.
Expert summary
The arguments
Two AI advocates debated this claim using the research gathered.
Argument for
Zenya (Infoland B.V. h.o.d.n. Zenya) demonstrably holds an ISO/IEC 27001 certification issued under DNV's accredited Business Assurance units, as shown by DNV management system certificates naming Zenya and confirming conformity to ISO/IEC 27001:2022 (Source 1: Zenya/DNV MSC Certificate C845695; Source 2: Zenya/DNV Certificate 204638-2016-AIS-NLD-UKAS). Zenya also explicitly states it is “ISO 9001 and ISO 27001 certified” and that its operational quality, processes, and control measures are “verified annually by DNV GL,” which—given DNV's documented role as an accredited third-party auditor/certification body for ISO management systems—supports that these certifications are audited by DNV GL (Sources 12–14: Zenya statements; Sources 3–6: DNV on accredited certification/audits).
The Proponent's argument for ISO 9001 certification rests entirely on self-promotional statements from Zenya's own marketing pages and a white paper (Sources 12, 13, 14), none of which constitute independent documentary evidence comparable to the DNV-issued certificate documents in Sources 1 and 2 — a logical gap that Source 26 explicitly flags, warning that one certificate's existence cannot be inferred from another. The Proponent commits the fallacy of appeal to authority by citing DNV's general role as a certification body (Sources 3–6) to validate Zenya's unverified self-assertion, when no DNV-issued ISO 9001 certificate for Infoland/Zenya appears anywhere in the research brief, leaving the ISO 9001 component of the claim wholly unsubstantiated.
Argument against
While Sources 1 and 2 confirm Zenya holds an ISO/IEC 27001 certification audited by DNV, the research brief contains no actual ISO 9001 certificate issued to Zenya or Infoland by DNV GL — only self-promotional claims on Zenya's own website (Sources 12, 13, 14) and a general disclaimer in Source 26 explicitly warning that the existence of one certificate does not prove the other. Without an independently verifiable ISO 9001 certificate document comparable to the DNV-issued ISO 27001 certificates in Sources 1 and 2, the claim that Zenya holds both certifications audited by DNV GL remains unsubstantiated and cannot be accepted as true.
The Opponent commits a false-evidence standard by treating the absence of an ISO 9001 PDF in this brief as proof of non-certification, even though Zenya's repeated, consistent disclosures that it is “ISO 9001 and ISO 27001 certified” and “verified annually by DNV GL” (Sources 12–14: Zenya) are direct, on-the-record claims about certification and auditor that the Opponent does not actually rebut with contrary evidence. The Opponent also misuses Source 26 (LLM Background Knowledge) as if it refuted Zenya's specific statement, when it merely cautions against inferring ISO 9001 from ISO 27001 alone—an inference the Proponent does not rely on, given the independent Zenya attestation plus DNV's documented role as an accredited third-party auditor/certification body for ISO management systems (Sources 3–6: DNV).