Blog
Praktische gidsen over toegangsbeheer, IT-governance, compliance en MKB-administratie, direct bruikbaar, zonder jargon.
★ Pillar-gidsen
Diepgaande overzichten per thema
Access Management for SMBs: The Complete Guide (2026)
From your first access matrix to periodic reviews and directory sync — everything you need to know when your business grows beyond 10 people but you don't have an IT department yet.
ComplianceISO 27001 for SMBs without €50k in consultancy fees
ISO 27001 is manageable once you understand the structure. Here's the minimum work a 30-person SMB needs to pass a Stage 2 audit, what it costs, and where consultants actually add value.
OffboardingWatertight Offboarding in 12 Steps
Someone is leaving. In SMEs, this is where most data breaches begin. Here is a checklist that covers what you actually need to do — with deadlines, owners, and pitfalls.
Access reviewsPeriodic access reviews: process, frequency, and audit evidence
An access review is an audit requirement that nearly every SMB struggles with. Once you set it up properly the first time, the second round won't cost you a whole week.
Microsoft 365 & Entra IDMicrosoft 365 governance for SMBs — pragmatic, not perfectionist
M365 is the largest piece of SaaS in most SMBs. This guide walks through the governance layers — identity, licensing, MFA, Conditional Access, data, retention — covering what's truly essential and what can wait.
Boekhouding & facturatieSMB invoicing from quote to payment: the complete guide
Quote, invoice, reminder, demand letter, bookkeeping, VAT return. The entire chain explained for business owners who handle it themselves or with minimal accountant support.
AVG & privacyGDPR Compliance for SMBs: The Practical Minimum
GDPR doesn't require a €10,000 project or a DPO for most small businesses. Here's what every SMB actually needs — based on what the Dutch DPA really checks for.
Security zonder IT-afdelingSecurity for SMBs without an IT department: what should you do this quarter?
No IT team, but still accountable. This pillar gives you a priority stack: do this first, then that, then the less urgent stuff. Each item links to a deeper guide.
PDF redactiePDF redaction for SMBs: the complete guide
Redacting a PDF means permanently removing sensitive data — not dragging a black box over it, which anyone can undo in 30 seconds. This guide explains the real process.
Tools & checks uitgelegdVIES VAT number check: what it is, why it matters, and how to do it quickly
When you invoice a business in another EU country, you are often legally required to verify their VAT number via VIES. What is VIES, what does it check (and what doesn't it), and how do you maintain a proper audit trail?
Tools & checks uitgelegdChecking an IBAN by name: why banks no longer do it automatically, and how to handle it yourself
Since 2024, Dutch banks no longer automatically verify the account holder's name against an IBAN for every payment. For business finance teams, that's a real risk — here's how to tackle it practically.
Recente artikelen
Choosing a password manager for your SMB: what really matters?
Choosing a password manager isn't a matter of taste — but it's not rocket science either. A practical guide for business owners without an IT department.
Security zonder IT-afdelingUptime monitoring for SMBs: don't hear about it from your customers
Your website is down and you find out from a customer. There's a better way. Here's how to set up uptime monitoring as an SMB without an IT department — without drowning in false alerts.
Security zonder IT-afdelingDMARC at p=reject: the last step most SMBs skip
SPF and DKIM are in place, DMARC is set to p=none — and that's where it stays. Here's how to safely move to quarantine and reject without your invoices ending up in spam.
Over BetergeregeldWelcome to the Beter Geregeld ICT blog
From now on, you'll find practical guides here on access management, compliance, offboarding, and administration — written for business owners and office managers, not IT architects.
OffboardingPersonnel file retention periods: what to keep, and for how long?
Pay slips 7 years, performance reviews 2 years, rejection letters 4 weeks. Here's a clear overview of Dutch retention periods — no unnecessary legal jargon.
Access reviewsReviewing service accounts — the invisible majority
Alongside real employees, you have service accounts: API integrations, scheduled jobs, automation. Often there are more of these than human users. Who owns them, and how do you review them?
OffboardingTracking down orphaned accounts: how do you tackle 3 years of sloppy offboarding?
Getting better at offboarding from today onwards does nothing about the 23 active accounts belonging to ex-employees that are already there. Here's how to clean up that backlog without weeks of effort.
Access reviewsReviewing the Global Admin role: the highest-risk category
If there is one category where review discipline is absolutely critical, it's Global Admin and equivalent roles. Here is the dedicated procedure that sits on top of your standard access review.
OffboardingVault handover: stop credentials from walking out the door with a departing employee
Shared logins only one person knew, API keys stored in their personal vault, 2FA tokens tied to their private phone. Here's how to prevent those "oh no" moments.
PDF redactieAutomating your redaction workflow: from ad hoc to streamlined
If you're redacting 5+ documents a month, it's time for a proper workflow. Here are the five stages: intake, redaction, verification, release, and audit.
Access reviewsDealing with "former employees" in your review — the cleanup round
Your first review turns up 8 accounts belonging to people who left years ago. That's not a problem — that's progress. Here's how to handle it without it turning into a blame session.
ToegangsbeheerGiving your external accountant access to your bookkeeping
Your accountant needs to get into Exact or Moneybird. How do you set that up securely, permanently, and in a way that doesn't leave everyone clueless after two accountant changes?