BG Beter Geregeld ICT

Blog

Practical guides on access management, IT governance, compliance and SMB administration, ready to use, without jargon.

★ Pillar guides

In-depth overviews by topic

Access management

Access Management for SMBs: The Complete Guide (2026)

From your first access matrix to periodic reviews and directory sync — everything you need to know when your business grows beyond 10 people but you don't have an IT department yet.

3 min
Compliance

ISO 27001 for SMBs without €50k in consultancy fees

ISO 27001 is manageable once you understand the structure. Here's the minimum work a 30-person SMB needs to pass a Stage 2 audit, what it costs, and where consultants actually add value.

2 min
Offboarding

Watertight Offboarding in 12 Steps

Someone is leaving. In SMEs, this is where most data breaches begin. Here is a checklist that covers what you actually need to do — with deadlines, owners, and pitfalls.

2 min
Access reviews

Periodic access reviews: process, frequency, and audit evidence

An access review is an audit requirement that nearly every SMB struggles with. Once you set it up properly the first time, the second round won't cost you a whole week.

2 min
Microsoft 365 & Entra ID

Microsoft 365 governance for SMBs — pragmatic, not perfectionist

M365 is the largest piece of SaaS in most SMBs. This guide walks through the governance layers — identity, licensing, MFA, Conditional Access, data, retention — covering what's truly essential and what can wait.

2 min
Bookkeeping & invoicing

SMB invoicing from quote to payment: the complete guide

Quote, invoice, reminder, demand letter, bookkeeping, VAT return. The entire chain explained for business owners who handle it themselves or with minimal accountant support.

2 min
GDPR & privacy

GDPR Compliance for SMBs: The Practical Minimum

GDPR doesn't require a €10,000 project or a DPO for most small businesses. Here's what every SMB actually needs — based on what the Dutch DPA really checks for.

2 min
Security without an IT department

Security for SMBs without an IT department: what should you do this quarter?

No IT team, but still accountable. This pillar gives you a priority stack: do this first, then that, then the less urgent stuff. Each item links to a deeper guide.

2 min
PDF redaction

PDF redaction for SMBs: the complete guide

Redacting a PDF means permanently removing sensitive data — not dragging a black box over it, which anyone can undo in 30 seconds. This guide explains the real process.

2 min
Tools & checks explained

VIES VAT number check: what it is, why it matters, and how to do it quickly

When you invoice a business in another EU country, you are often legally required to verify their VAT number via VIES. What is VIES, what does it check (and what doesn't it), and how do you maintain a proper audit trail?

4 min
Tools & checks explained

Checking an IBAN by name: why banks no longer do it automatically, and how to handle it yourself

Since 2024, Dutch banks no longer automatically verify the account holder's name against an IBAN for every payment. For business finance teams, that's a real risk — here's how to tackle it practically.

3 min

Recent articles

Microsoft 365 & Entra ID

Entra security groups as access profiles in your IAM tool

Already using security groups in Entra ID for SharePoint permissions? You can use those groups one-to-one as AccessProfiles — no duplicate work required.

2 min · 23 Dec 2025
Security without an IT department

MFA for every SaaS tool, not just M365: catching up the stragglers

M365 and Google make MFA easy. So do Dropbox, Slack, GitHub, and Trello. But those other SaaS tools? MFA is often missing. Here's how to close the gap.

2 min · 20 Dec 2025
Access reviews

Evidence for access reviews: what to keep and where

A review without evidence is, as far as an auditor is concerned, a review that never happened. Here's what to retain, in what format, and for how long.

2 min · 20 Dec 2025
GDPR & privacy

Logging IP addresses under GDPR: pseudonymous, personal data, and what's allowed?

An IP address is personal data under GDPR. Security logs often need to retain them for weeks or months. How do you reconcile that with data minimisation principles?

2 min · 20 Dec 2025
Compliance

NIS2 and SMEs: does your business fall under the directive?

NIS2 is the successor to NIS1 and significantly widens the scope. Many SMEs in "ordinary" sectors now suddenly qualify as essential or important entities.

2 min · 18 Dec 2025
Offboarding

Offboarding: the legal framework in the Netherlands

Which laws govern data access, reading emails, device retrieval, and retention periods during offboarding? Not legal advice — but a clear, practical overview.

2 min · 18 Dec 2025
Access management

AI in access reviews: what works and what doesn't

AI assistance can cut review time by up to 40% — as long as you know what to use it for. Not as the decision-maker, but as a pre-filter and an explainer.

2 min · 18 Dec 2025
Bookkeeping & invoicing

Invoicing in Dutch and English at the same time — practical tips

International clients often don't read Dutch — but the tax authorities still require a NL-compliant invoice. Here are practical solutions that won't double your workload.

2 min · 17 Dec 2025
PDF redaction

PDF redaction tools compared: Acrobat, PDF Redact, open-source

What are the realistic options for secure PDF redaction in 2026? Adobe is the veteran — but pricey. Open source lacks features. Here's the honest comparison.

2 min · 15 Dec 2025
Microsoft 365 & Entra ID

Retention policies in M365: keep or delete — who decides?

Some data must be kept (fiscal obligations), other data must be deleted (GDPR). Retention policies handle this automatically — if you set them up correctly.

2 min · 15 Dec 2025
Security without an IT department

Security awareness training: what works and what's a waste of time

An annual 60-minute security video is a waste of time. Quarterly 10-minute targeted sessions actually work. Here's the programme that gets results.

2 min · 12 Dec 2025
Access reviews

Getting managers involved in access reviews without pushback

A security officer can't assess who should have access to sales tools — that's the sales manager's call. Here's how to make it a natural part of their workflow instead of a yearly headache.

2 min · 12 Dec 2025