BG Beter Geregeld ICT

Blog

Practical guides on access management, IT governance, compliance and SMB administration, ready to use, without jargon.

★ Pillar guides

In-depth overviews by theme

Access management

Access Management for SMBs: The Complete Guide (2026)

From your first access matrix to periodic reviews and directory sync — everything you need to know when your business grows beyond 10 people but you don't have an IT department yet.

3 min
Compliance

ISO 27001 for SMBs without €50k in consultancy fees

ISO 27001 is manageable once you understand the structure. Here's the minimum work a 30-person SMB needs to pass a Stage 2 audit, what it costs, and where consultants actually add value.

2 min
Offboarding

Watertight Offboarding in 12 Steps

Someone is leaving. In SMEs, this is where most data breaches begin. Here is a checklist that covers what you actually need to do — with deadlines, owners, and pitfalls.

2 min
Access reviews

Periodic access reviews: process, frequency, and audit evidence

An access review is an audit requirement that nearly every SMB struggles with. Once you set it up properly the first time, the second round won't cost you a whole week.

2 min
Microsoft 365 & Entra ID

Microsoft 365 governance for SMBs — pragmatic, not perfectionist

M365 is the largest piece of SaaS in most SMBs. This guide walks through the governance layers — identity, licensing, MFA, Conditional Access, data, retention — covering what's truly essential and what can wait.

2 min
Bookkeeping & invoicing

SMB invoicing from quote to payment: the complete guide

Quote, invoice, reminder, demand letter, bookkeeping, VAT return. The entire chain explained for business owners who handle it themselves or with minimal accountant support.

2 min
GDPR & privacy

GDPR Compliance for SMBs: The Practical Minimum

GDPR doesn't require a €10,000 project or a DPO for most small businesses. Here's what every SMB actually needs — based on what the Dutch DPA really checks for.

2 min
Security without an IT department

Security for SMBs without an IT department: what should you do this quarter?

No IT team, but still accountable. This pillar gives you a priority stack: do this first, then that, then the less urgent stuff. Each item links to a deeper guide.

2 min
PDF redaction

PDF redaction for SMBs: the complete guide

Redacting a PDF means permanently removing sensitive data — not dragging a black box over it, which anyone can undo in 30 seconds. This guide explains the real process.

2 min
Tools & checks explained

VIES VAT number check: what it is, why it matters, and how to do it quickly

When you invoice a business in another EU country, you are often legally required to verify their VAT number via VIES. What is VIES, what does it check (and what doesn't it), and how do you maintain a proper audit trail?

4 min
Tools & checks explained

Checking an IBAN by name: why banks no longer do it automatically, and how to handle it yourself

Since 2024, Dutch banks no longer automatically verify the account holder's name against an IBAN for every payment. For business finance teams, that's a real risk — here's how to tackle it practically.

3 min

Recent articles

Compliance

Setting up an incident log that auditors trust

An empty incident log is a red flag for auditors. It doesn't mean nothing went wrong — it means you're not recording it. Here's how to set up a log that actually works.

2 min · 26 Oct 2025
Security without an IT department

Incident response plan for SMBs on 2 pages

An incident response plan doesn't have to be a 50-page document. Two pages covering who does what and when is enough — as long as everyone knows it.

2 min · 25 Oct 2025
GDPR & privacy

Cookie Consent in 2026: What's Changed, What's Allowed, What Has to Go?

Cookie legislation has been actively enforced since 2023. Many legacy cookie banners no longer comply. Here are the current rules and the three-column model.

2 min · 25 Oct 2025
Bookkeeping & invoicing

Invoice requirements in the Netherlands: what must you include?

The Dutch Tax Authority has a fixed list of requirements. Miss any of them and your customer can't reclaim VAT — and you risk issues during an audit. Here's the checklist.

2 min · 22 Oct 2025
PDF redaction

Redacting contracts for sales references: what stays, what goes?

You want to show a signed contract to a prospect as proof that "company X works with us". What's allowed, what must go, and how do you stop a prospect from seeing what the previous client paid?

2 min · 20 Oct 2025
Microsoft 365 & Entra ID

Guest access in M365: securely granting clients and partners access

Sharing Teams channels with a partner, a SharePoint site for a client project — that's guest access. Here's how to manage it before you end up with 200 guests a year down the line.

2 min · 20 Oct 2025
Access management

The least-privilege principle explained for business owners

Grant as little access as possible, for as short a time as possible. That might sound like a productivity hit — in practice, it saves you from a data breach that takes months to explain away.

2 min · 19 Oct 2025
Compliance

ISO 27001 pre-audit checklist: 2 weeks before Stage 2

Stage 2 is two weeks away. This 22-point checklist covers everything auditors typically ask for — if even one box is missing, fix it now.

2 min · 19 Oct 2025
GDPR & privacy

Privacy policy on your website: which templates actually work?

Your privacy policy doesn't need to be 15 pages of legal jargon. Readable, honest, complete — here's the structure that works.

2 min · 17 Oct 2025
Security without an IT department

A Backup Strategy for SMBs That You Actually Test

A backup you've never tested isn't really a backup. The 3-2-1 principle, regular restore tests, and knowing which data matters most — the recipe for a plan that actually works.

2 min · 17 Oct 2025
Bookkeeping & invoicing

VAT 9% or 21%: which applies when?

Most SMB owners invoice at 21% VAT. But there are exceptions: magazines, culture, certain foods, and healthcare services. Here are the rules.

2 min · 14 Oct 2025
Access management

Privileged access management for SMBs

Global Admin, AWS root, Salesforce system admin — these are the accounts that cause the most damage when compromised. Here's what you can do without buying an expensive PAM tool.

2 min · 13 Oct 2025