BG Beter Geregeld ICT

Blog

Practical guides on access management, IT governance, compliance and SMB administration, ready to use, without jargon.

★ Pillar guides

In-depth overviews by topic

Access management

Access Management for SMBs: The Complete Guide (2026)

From your first access matrix to periodic reviews and directory sync — everything you need to know when your business grows beyond 10 people but you don't have an IT department yet.

3 min
Compliance

ISO 27001 for SMBs without €50k in consultancy fees

ISO 27001 is manageable once you understand the structure. Here's the minimum work a 30-person SMB needs to pass a Stage 2 audit, what it costs, and where consultants actually add value.

2 min
Offboarding

Watertight Offboarding in 12 Steps

Someone is leaving. In SMEs, this is where most data breaches begin. Here is a checklist that covers what you actually need to do — with deadlines, owners, and pitfalls.

2 min
Access reviews

Periodic access reviews: process, frequency, and audit evidence

An access review is an audit requirement that nearly every SMB struggles with. Once you set it up properly the first time, the second round won't cost you a whole week.

2 min
Microsoft 365 & Entra ID

Microsoft 365 governance for SMBs — pragmatic, not perfectionist

M365 is the largest piece of SaaS in most SMBs. This guide walks through the governance layers — identity, licensing, MFA, Conditional Access, data, retention — covering what's truly essential and what can wait.

2 min
Bookkeeping & invoicing

SMB invoicing from quote to payment: the complete guide

Quote, invoice, reminder, demand letter, bookkeeping, VAT return. The entire chain explained for business owners who handle it themselves or with minimal accountant support.

2 min
GDPR & privacy

GDPR Compliance for SMBs: The Practical Minimum

GDPR doesn't require a €10,000 project or a DPO for most small businesses. Here's what every SMB actually needs — based on what the Dutch DPA really checks for.

2 min
Security without an IT department

Security for SMBs without an IT department: what should you do this quarter?

No IT team, but still accountable. This pillar gives you a priority stack: do this first, then that, then the less urgent stuff. Each item links to a deeper guide.

2 min
PDF redaction

PDF redaction for SMBs: the complete guide

Redacting a PDF means permanently removing sensitive data — not dragging a black box over it, which anyone can undo in 30 seconds. This guide explains the real process.

2 min
Tools & checks explained

VIES VAT number check: what it is, why it matters, and how to do it quickly

When you invoice a business in another EU country, you are often legally required to verify their VAT number via VIES. What is VIES, what does it check (and what doesn't it), and how do you maintain a proper audit trail?

4 min
Tools & checks explained

Checking an IBAN by name: why banks no longer do it automatically, and how to handle it yourself

Since 2024, Dutch banks no longer automatically verify the account holder's name against an IBAN for every payment. For business finance teams, that's a real risk — here's how to tackle it practically.

3 min

Recent articles

GDPR & privacy

Data Retention Periods by Category for SMBs

How long should you keep customer data, job applicants, invoices, or CCTV footage? Here are the key categories in a clear overview table, with the source for each retention period.

2 min · 12 Dec 2025
Compliance

DORA for SMB Suppliers to Financial Institutions

From January 2025, every bank, insurer, or investment fund expects its suppliers to be DORA-compliant. As an SMB supplier, those requirements will land in your contracts.

2 min · 10 Dec 2025
Offboarding

Laptop retrieval: logistics and technology

Remote-only staff, hot-desking, international hires — laptop retrieval is more complex than it used to be. Here are the patterns that work without €2,000 worth of hardware going missing.

2 min · 10 Dec 2025
Access management

Access matrix vs. RBAC: what fits your growth stage?

A direct matrix (person × system) works up to around 30 employees. After that, you go role-based. Here's when to make the switch — and how to do it without a big bang.

2 min · 10 Dec 2025
Bookkeeping & invoicing

Direct debit (SEPA) or manual payment — which one, when?

SEPA direct debit reduces payment risk but requires a mandate. Manual payments are easier to set up but make cash flow less predictable. Here's how to weigh up the options.

2 min · 09 Dec 2025
PDF redaction

Audit trail for redaction: what to log, why, and how long?

An auditor walks in and asks: "show us how you anonymised client data for report X." Without an audit trail, you have nothing to show. Here's what to log.

2 min · 07 Dec 2025
Microsoft 365 & Entra ID

M365 licence management: save up to 20% without losing functionality

Most SMBs carry 15–20% more licences than they need — former employees, wrong plan, duplicate subscriptions. Here's a review approach that pays for itself.

2 min · 07 Dec 2025
Security without an IT department

Vendor risk management for SMBs: a practical framework

Every SaaS subscription is a slice of risk you're outsourcing. How do you decide which of your 30 vendors actually deserve closer attention?

2 min · 04 Dec 2025
Access reviews

Sample-based or full access review: what does the auditor accept?

At larger scale, a full review becomes unworkable. Risk-based sampling is the answer — provided you can clearly explain how you sampled.

2 min · 04 Dec 2025
GDPR & privacy

Marketing consent: email, WhatsApp, retargeting — what are you still allowed to do?

Your newsletter, promotional emails, retargeting pixels — they all need a valid consent basis. Here are the concrete rules per channel.

2 min · 04 Dec 2025
Offboarding

Email forwarding after an employee leaves: what are the rules?

Forwarding a company mailbox to a manager sounds straightforward. But there are pitfalls: GDPR, old contacts, and confused clients. Here's the recipe.

2 min · 02 Dec 2025
Access management

Cleaning Up Shadow IT Without a Revolution

The marketer pays for Canva Pro out of pocket. Sales runs its own LinkedIn scraper. Dev uses ChatGPT Team through a personal email. That's shadow IT — and it's almost never malicious.

2 min · 02 Dec 2025