Information security is not a one-off project but a framework that runs continuously: policy, people, processes and technology reinforcing each other. We set that framework up, keep it demonstrably in order and actively involve the board — with experience as an information advisor in the public sector.
We bring all layers together: information security policy, roles and responsibilities, risk management, awareness and technology. Not a paper tiger, but a framework that works in practice and grows with the organisation.
From baseline assessment to a living management system — we make information security concrete and manageable.
The public sector faces strict frameworks. We translate the Dutch government baseline (BIO), ENSIA accountability, DigiD audits, the GDPR and the new NIS2 directive into workable measures — and make sure you demonstrably comply.
Compliance is not a goal in itself, but proof that your data and services are genuinely in order.
Policy only adds value when you know that it works. That is why we set up periodic audits and a clear reporting cycle. Once a year we present the annual report to the board — during an information security day that keeps the topic on the leadership table.
This way leadership knows exactly where the organisation stands, which risks are in play and which steps follow.
Generative and agentic AI bring new risks: data leaks via AI tools, 'shadow AI', and questions of transparency and liability. The EU AI Act adds obligations on top.
We help you deploy AI responsibly within your information security policy — so you seize the opportunities without opening new gaps.
Not every organisation needs a full-time CISO. With our Security Officer / CISO-as-a-service you get the right expertise on call: from setting up the framework to ongoing steering and reporting.
Plannable, budgetable and always under your control.
Curious how secure and demonstrably in control your organisation is? Schedule an introduction.