Expertise

Information security built to last

Information security is not a one-off project but a framework that runs continuously: policy, people, processes and technology reinforcing each other. We set that framework up, keep it demonstrably in order and actively involve the board — with experience as an information advisor in the public sector.

Information security & governance

A complete, working framework

We bring all layers together: information security policy, roles and responsibilities, risk management, awareness and technology. Not a paper tiger, but a framework that works in practice and grows with the organisation.

From baseline assessment to a living management system — we make information security concrete and manageable.

  • Information security policy and clear frameworks
  • Roles, governance and risk management
  • Awareness and secure behaviour across the organisation

For government: BIO, ENSIA, NIS2 and GDPR

The public sector faces strict frameworks. We translate the Dutch government baseline (BIO), ENSIA accountability, DigiD audits, the GDPR and the new NIS2 directive into workable measures — and make sure you demonstrably comply.

Compliance is not a goal in itself, but proof that your data and services are genuinely in order.

  • BIO, ENSIA and DigiD audits
  • NIS2 and GDPR/privacy
  • Demonstrable compliance, not paperwork for paperwork's sake

From policy to demonstrable control

Policy only adds value when you know that it works. That is why we set up periodic audits and a clear reporting cycle. Once a year we present the annual report to the board — during an information security day that keeps the topic on the leadership table.

This way leadership knows exactly where the organisation stands, which risks are in play and which steps follow.

  • Periodic checks and internal audits
  • Annual board reporting
  • Information security day for awareness and decision-making

AI makes information security more urgent

Generative and agentic AI bring new risks: data leaks via AI tools, 'shadow AI', and questions of transparency and liability. The EU AI Act adds obligations on top.

We help you deploy AI responsibly within your information security policy — so you seize the opportunities without opening new gaps.

  • Policy for safe and responsible AI use
  • Attention to shadow AI and data-leak risks
  • AI governance linked to the EU AI Act

Security Officer on call

Not every organisation needs a full-time CISO. With our Security Officer / CISO-as-a-service you get the right expertise on call: from setting up the framework to ongoing steering and reporting.

Plannable, budgetable and always under your control.

Ready for the next step?

Curious how secure and demonstrably in control your organisation is? Schedule an introduction.