Blog
Praktische gidsen over toegangsbeheer, IT-governance, compliance en MKB-administratie, direct bruikbaar, zonder jargon.
★ Pillar-gidsen
Diepgaande overzichten per thema
Access Management for SMBs: The Complete Guide (2026)
From your first access matrix to periodic reviews and directory sync — everything you need to know when your business grows beyond 10 people but you don't have an IT department yet.
ComplianceISO 27001 for SMBs without €50k in consultancy fees
ISO 27001 is manageable once you understand the structure. Here's the minimum work a 30-person SMB needs to pass a Stage 2 audit, what it costs, and where consultants actually add value.
OffboardingWatertight Offboarding in 12 Steps
Someone is leaving. In SMEs, this is where most data breaches begin. Here is a checklist that covers what you actually need to do — with deadlines, owners, and pitfalls.
Access reviewsPeriodic access reviews: process, frequency, and audit evidence
An access review is an audit requirement that nearly every SMB struggles with. Once you set it up properly the first time, the second round won't cost you a whole week.
Microsoft 365 & Entra IDMicrosoft 365 governance for SMBs — pragmatic, not perfectionist
M365 is the largest piece of SaaS in most SMBs. This guide walks through the governance layers — identity, licensing, MFA, Conditional Access, data, retention — covering what's truly essential and what can wait.
Boekhouding & facturatieSMB invoicing from quote to payment: the complete guide
Quote, invoice, reminder, demand letter, bookkeeping, VAT return. The entire chain explained for business owners who handle it themselves or with minimal accountant support.
AVG & privacyGDPR Compliance for SMBs: The Practical Minimum
GDPR doesn't require a €10,000 project or a DPO for most small businesses. Here's what every SMB actually needs — based on what the Dutch DPA really checks for.
Security zonder IT-afdelingSecurity for SMBs without an IT department: what should you do this quarter?
No IT team, but still accountable. This pillar gives you a priority stack: do this first, then that, then the less urgent stuff. Each item links to a deeper guide.
PDF redactiePDF redaction for SMBs: the complete guide
Redacting a PDF means permanently removing sensitive data — not dragging a black box over it, which anyone can undo in 30 seconds. This guide explains the real process.
Tools & checks uitgelegdVIES VAT number check: what it is, why it matters, and how to do it quickly
When you invoice a business in another EU country, you are often legally required to verify their VAT number via VIES. What is VIES, what does it check (and what doesn't it), and how do you maintain a proper audit trail?
Tools & checks uitgelegdChecking an IBAN by name: why banks no longer do it automatically, and how to handle it yourself
Since 2024, Dutch banks no longer automatically verify the account holder's name against an IBAN for every payment. For business finance teams, that's a real risk — here's how to tackle it practically.
Recente artikelen
The management review: what goes in it and who takes part?
One of the clause-9 requirements of ISO 27001. Annual, with senior management, 2 hours. Here is the agenda that an auditor will accept — and that works as a practical exercise for you.
Boekhouding & facturatieUBL and PEPPOL: when does e-invoicing become mandatory for you?
From 2026, the Netherlands is on the EU path to mandatory e-invoicing. For government clients, UBL is already required — B2B is next. Here's what you need to arrange now.
PDF redactieStripping PDF metadata: why it matters and what's hiding inside
A PDF often contains 10× more data than what you see — author name, software version, edit history, revisions, comments. Here's how to clean it up.
Microsoft 365 & Entra IDSharePoint permissions: why they spiral out of control and how to tame them
SharePoint is where SMBs suffer the most unintentional data leaks: folders visible to "everyone in the company" when they were meant to stay internal. Here are the mental models you need.
Security zonder IT-afdelingLaptop stolen: the first 30 minutes
Someone calls: laptop stolen from the car. The clock is ticking. Here are the 10 steps you MUST take in the first 30 minutes, in order.
ToegangsbeheerIT onboarding checklist: what needs to be ready on day 1?
The best first day is a boring one. Laptop works, accounts are ready, folders are shared. This checklist covers the typical SMB scenario of 12 systems and 4 roles.
AVG & privacyData Breach: When to Report, When Not To, Within 72 Hours
Not every incident is a data breach. Not every data breach needs to be reported to the AP. Here's the decision tree and a sample notification template.
ComplianceThe PDCA Cycle Explained for Managers
Plan-Do-Check-Act sounds bureaucratic. In practice it means: write down what you do, do it, check whether it works, adjust accordingly. Here's the shortest useful explanation.
Boekhouding & facturatieInvoice numbering policy: what works, what causes chaos?
Number sequences in 2026 might sound futuristic, but in practice I see an SMB struggling with missing or duplicate invoice numbers every single week. Here are the three patterns that actually work.
PDF redactieRedacting court documents: the specific rules
When sharing court documents as a lawyer, party, or press agency, specific redaction rules apply. Names of minors, medical data, judicial considerations — here's how to handle it.
Microsoft 365 & Entra IDTeams external guests: which settings define the risk profiles?
Teams guest access has three layers at once: organisation settings, team settings, and chat settings. Here's the mental model so you don't accidentally leave everything wide open.
ToegangsbeheerTemporary access: how to grant it — and revoke it
A consultant for 6 weeks, a developer brought in just for the migration, a cover during maternity leave. Granting temporary access is easy — revoking it is where things go wrong.