BG Beter Geregeld ICT

#governance

14 articles on this topic

Offboarding

Onboarding–offboarding parity: the best test for your IAM

If onboarding does something, offboarding should undo it. When that parity breaks down, orphaned accounts pile up — often going unnoticed for years.

2 min · 09 Jan 2026
Access reviews

Access review scope: what's in, what's out?

Not every user, not every system needs to be included in every review. Here's how to define your scope so it stays manageable — and defensible in an audit.

2 min · 04 Jan 2026
Access reviews

Getting managers involved in access reviews without pushback

A security officer can't assess who should have access to sales tools — that's the sales manager's call. Here's how to make it a natural part of their workflow instead of a yearly headache.

2 min · 12 Dec 2025
Access management

Cleaning Up Shadow IT Without a Revolution

The marketer pays for Canva Pro out of pocket. Sales runs its own LinkedIn scraper. Dev uses ChatGPT Team through a personal email. That's shadow IT — and it's almost never malicious.

2 min · 02 Dec 2025
Access reviews

Periodic access reviews: process, frequency, and audit evidence

An access review is an audit requirement that nearly every SMB struggles with. Once you set it up properly the first time, the second round won't cost you a whole week.

2 min · 18 Nov 2025
Offboarding

Watertight Offboarding in 12 Steps

Someone is leaving. In SMEs, this is where most data breaches begin. Here is a checklist that covers what you actually need to do — with deadlines, owners, and pitfalls.

2 min · 10 Nov 2025
Compliance

The management review: what goes in it and who takes part?

One of the clause-9 requirements of ISO 27001. Annual, with senior management, 2 hours. Here is the agenda that an auditor will accept — and that works as a practical exercise for you.

2 min · 10 Nov 2025
Compliance

The PDCA Cycle Explained for Managers

Plan-Do-Check-Act sounds bureaucratic. In practice it means: write down what you do, do it, check whether it works, adjust accordingly. Here's the shortest useful explanation.

2 min · 02 Nov 2025
Access management

Temporary access: how to grant it — and revoke it

A consultant for 6 weeks, a developer brought in just for the migration, a cover during maternity leave. Granting temporary access is easy — revoking it is where things go wrong.

2 min · 26 Oct 2025
Compliance

Setting up an incident log that auditors trust

An empty incident log is a red flag for auditors. It doesn't mean nothing went wrong — it means you're not recording it. Here's how to set up a log that actually works.

2 min · 26 Oct 2025
Access management

The least-privilege principle explained for business owners

Grant as little access as possible, for as short a time as possible. That might sound like a productivity hit — in practice, it saves you from a data breach that takes months to explain away.

2 min · 19 Oct 2025
Compliance

What is an ISMS and where do you start?

Information Security Management System — it sounds bigger than it is. For an SMB, it's a set of documents and routines, not a platform you install somewhere.

2 min · 03 Oct 2025
Microsoft 365 & Entra ID

Microsoft 365 governance for SMBs — pragmatic, not perfectionist

M365 is the largest piece of SaaS in most SMBs. This guide walks through the governance layers — identity, licensing, MFA, Conditional Access, data, retention — covering what's truly essential and what can wait.

2 min · 16 Sep 2025
Access management

Access Management for SMBs: The Complete Guide (2026)

From your first access matrix to periodic reviews and directory sync — everything you need to know when your business grows beyond 10 people but you don't have an IT department yet.

3 min · 11 Sep 2025