Blog
Practical guides on access management, IT governance, compliance and SMB administration, directly usable, without jargon.
★ Pillar guides
In-depth overviews by theme
Access Management for SMBs: The Complete Guide (2026)
From your first access matrix to periodic reviews and directory sync — everything you need to know when your business grows beyond 10 people but you don't have an IT department yet.
Compliance | ISO 27001 for SMBs without €50k in consultancy fees
ISO 27001 is manageable once you understand the structure. Here's the minimum work a 30-person SMB needs to pass a Stage 2 audit, what it costs, and where consultants actually add value.
Offboarding | Watertight Offboarding in 12 Steps
Someone is leaving. In SMEs, this is where most data breaches begin. Here is a checklist that covers what you actually need to do — with deadlines, owners, and pitfalls.
Access reviews | Periodic access reviews: process, frequency, and audit evidence
An access review is an audit requirement that nearly every SMB struggles with. Once you set it up properly the first time, the second round won't cost you a whole week.
Microsoft 365 & Entra ID | Microsoft 365 governance for SMBs — pragmatic, not perfectionist
M365 is the largest piece of SaaS in most SMBs. This guide walks through the governance layers — identity, licensing, MFA, Conditional Access, data, retention — covering what's truly essential and what can wait.
Bookkeeping & invoicing | SMB invoicing from quote to payment: the complete guide
Quote, invoice, reminder, demand letter, bookkeeping, VAT return. The entire chain explained for business owners who handle it themselves or with minimal accountant support.
GDPR & privacy | GDPR Compliance for SMBs: The Practical Minimum
GDPR doesn't require a €10,000 project or a DPO for most small businesses. Here's what every SMB actually needs — based on what the Dutch DPA really checks for.
Security without an IT department | Security for SMBs without an IT department: what should you do this quarter?
No IT team, but still accountable. This pillar gives you a priority stack: do this first, then that, then the less urgent stuff. Each item links to a deeper guide.
PDF redaction | PDF redaction for SMBs: the complete guide
Redacting a PDF means permanently removing sensitive data — not dragging a black box over it, which anyone can undo in 30 seconds. This guide explains the real process.
Tools & checks explained | VIES VAT number check: what it is, why it matters, and how to do it quickly
When you invoice a business in another EU country, you are often legally required to verify their VAT number via VIES. What is VIES, what does it check (and what doesn't it), and how do you maintain a proper audit trail?
Tools & checks explained | Checking an IBAN by name: why banks no longer do it automatically, and how to handle it yourself
Since 2024, Dutch banks no longer automatically verify the account holder's name against an IBAN for every payment. For business finance teams, that's a real risk — here's how to tackle it practically.
Recent articles
CV redaction: what to remove before you send it on?
Sharing a CV with a client for a placement? Check what needs to come out under GDPR, privacy rules, and plain common sense — plus a checklist so you never accidentally leave in a date of birth.
Microsoft 365 & Entra ID | M365 admin roles explained: you don't need to make everyone a Global Admin
M365 has ~70 admin roles. Most SMBs use just 2 (Global Admin + User Admin). Here are the roles you really need to know — and when to use them.
Compliance | An ISO risk register that works (and doesn't look like a consultant export)
A risk register doesn't have to be a 300-row spreadsheet. For an SMB, 30–60 risks is realistic. Here's a format that survives an audit and is actually useful day to day.
GDPR & privacy | Data Processing Agreements (DPAs): who, when, and don't overcomplicate it
Every SaaS that processes personal data on your behalf needs a DPA. Most vendors already have one ready on their website. Here's a quick checklist so you don't end up with 40 stray PDFs a year from now.
Security without an IT department | Choosing a password manager for SMBs: 1Password, Bitwarden, or something else?
No security strategy works without a password manager. Here's a practical comparison of the three options most relevant to SMBs, with clear trade-offs to help you decide.
Bookkeeping & invoicing | Payment reminders: 3 levels from polite nudge to final notice
Without a system, 15–20% of your customers pay late. A three-level approach — friendly, formal, final notice — gets 95% paid on time.
Access management | Birthright access: what does everyone get automatically?
Birthright access is the set of systems every employee should have from day one. Short, clear, almost always the same — and a huge time-saver during onboarding.
PDF redaction | Why black bars in PDFs don't work (with example)
Two seconds of copy-paste makes the "redacted" text readable again. Here's the technical explanation with a concrete example — and what to do instead.
Microsoft 365 & Entra ID | Conditional Access for SMBs: what, when, how?
Conditional Access is the "if this, then that" of M365 security. Sounds complex — in practice it's 5 policies that cover 80% of your risks. Here's the minimum set.
Compliance | What is an ISMS and where do you start?
Information Security Management System — it sounds bigger than it is. For an SMB, it's a set of documents and routines, not a platform you install somewhere.
GDPR & privacy | Setting up a processing register: what to include (and what not to)
Every SMB with employees needs a processing register. The Dutch DPA checks for it in almost every inspection. Here's a template and exactly what to include.
Security without an IT department | Recognising phishing: what can you teach your team in 20 minutes?
Phishing is no longer a badly-spelled Nigerian prince. Modern phishing is personalised, tailored, and designed to look like it came from inside your own organisation. Here's what everyone needs to know.