BG Beter Geregeld ICT

Blog

Practical guides on access management, IT governance, compliance and SMB administration, directly usable, without jargon.

★ Pillar guides

In-depth overviews by topic

Access management

Access Management for SMBs: The Complete Guide (2026)

From your first access matrix to periodic reviews and directory sync — everything you need to know when your business grows beyond 10 people but you don't have an IT department yet.

3 min
Compliance

ISO 27001 for SMBs without €50k in consultancy fees

ISO 27001 is manageable once you understand the structure. Here's the minimum work a 30-person SMB needs to pass a Stage 2 audit, what it costs, and where consultants actually add value.

2 min
Offboarding

Watertight Offboarding in 12 Steps

Someone is leaving. In SMEs, this is where most data breaches begin. Here is a checklist that covers what you actually need to do — with deadlines, owners, and pitfalls.

2 min
Access reviews

Periodic access reviews: process, frequency, and audit evidence

An access review is an audit requirement that nearly every SMB struggles with. Once you set it up properly the first time, the second round won't cost you a whole week.

2 min
Microsoft 365 & Entra ID

Microsoft 365 governance for SMBs — pragmatic, not perfectionist

M365 is the largest piece of SaaS in most SMBs. This guide walks through the governance layers — identity, licensing, MFA, Conditional Access, data, retention — covering what's truly essential and what can wait.

2 min
Bookkeeping & invoicing

SMB invoicing from quote to payment: the complete guide

Quote, invoice, reminder, demand letter, bookkeeping, VAT return. The entire chain explained for business owners who handle it themselves or with minimal accountant support.

2 min
GDPR & privacy

GDPR Compliance for SMBs: The Practical Minimum

GDPR doesn't require a €10,000 project or a DPO for most small businesses. Here's what every SMB actually needs — based on what the Dutch DPA really checks for.

2 min
Security without an IT department

Security for SMBs without an IT department: what should you do this quarter?

No IT team, but still accountable. This pillar gives you a priority stack: do this first, then that, then the less urgent stuff. Each item links to a deeper guide.

2 min
PDF redaction

PDF redaction for SMBs: the complete guide

Redacting a PDF means permanently removing sensitive data — not dragging a black box over it, which anyone can undo in 30 seconds. This guide explains the real process.

2 min
Tools & checks explained

VIES VAT number check: what it is, why it matters, and how to do it quickly

When you invoice a business in another EU country, you are often legally required to verify their VAT number via VIES. What is VIES, what does it check (and what doesn't it), and how do you maintain a proper audit trail?

4 min
Tools & checks explained

Checking an IBAN by name: why banks no longer do it automatically, and how to handle it yourself

Since 2024, Dutch banks no longer automatically verify the account holder's name against an IBAN for every payment. For business finance teams, that's a real risk — here's how to tackle it practically.

3 min

Recent articles

Microsoft 365 & Entra ID

Mailbox delegation in M365: delegated vs. shared vs. full access

PA-to-CEO mailbox, shared support@ inbox, delegated calendar. Three technically distinct mechanisms, each with its own permission model.

2 min · 21 Nov 2025
Offboarding

The last-day script: minute by minute

The final working day is where many offboardings go off the rails. Here's an exact timeline: 09:00 exit interview, 10:00 vault handover, 12:00 access blocked, 17:00 farewell drinks.

2 min · 18 Nov 2025
Security without an IT department

Travelling safely with a company laptop: the travel checklist

Heading to an EU destination or further afield? Some countries have strict rules around encryption and device scanning. Here's what to watch out for.

2 min · 18 Nov 2025
Access reviews

Periodic access reviews: process, frequency, and audit evidence

An access review is an audit requirement that nearly every SMB struggles with. Once you set it up properly the first time, the second round won't cost you a whole week.

2 min · 18 Nov 2025
GDPR & privacy

Sub-processors outside the EU: what Schrems II still requires

Using AWS, Google, or Microsoft? Then some of your data flows through the US. Since Schrems II, that's no longer a given. Here's what actually works today.

2 min · 18 Nov 2025
Compliance

NEN 7510 for healthcare businesses: a step beyond ISO 27001

Do you work in or with healthcare? Then NEN 7510 — alongside or instead of ISO 27001 — is a real requirement. The overlap is significant; the differences lie in patient data and specific Annex controls.

2 min · 18 Nov 2025
Bookkeeping & invoicing

Credit Notes: When, How, and What NOT to Do

Correcting an invoice doesn't mean deleting it — that's not allowed. You issue a credit note. Here are the three situations where you need one, and the pitfalls to avoid.

2 min · 15 Nov 2025
PDF redaction

OCR redaction: making scanned PDFs editable for redaction

A scanned PDF is a series of images, not text. Searching and redacting won't work without OCR. Here's the workflow.

2 min · 13 Nov 2025
Microsoft 365 & Entra ID

OneDrive sharing policy: how do you prevent per-file share chaos?

People share files from OneDrive all day long. How do you set up tenant-wide policies that encourage secure behaviour without killing productivity?

2 min · 13 Nov 2025
Security without an IT department

Social engineering: how to recognise CEO fraud and vishing?

Not every attack arrives via email. Phone, SMS, LinkedIn message — modern social engineering uses every channel. Three patterns and how to counter them.

2 min · 10 Nov 2025
Offboarding

Watertight Offboarding in 12 Steps

Someone is leaving. In SMEs, this is where most data breaches begin. Here is a checklist that covers what you actually need to do — with deadlines, owners, and pitfalls.

2 min · 10 Nov 2025
GDPR & privacy

DPIA — Data Protection Impact Assessment: when is it required, and when can you skip it?

A DPIA sounds like something only large enterprises need to worry about. For SMBs it's rarely required — but there are a handful of specific situations where it is. Here's the decision tree.

2 min · 10 Nov 2025