BG Beter Geregeld ICT

Blog

Praktische gidsen over toegangsbeheer, IT-governance, compliance en MKB-administratie, direct bruikbaar, zonder jargon.

★ Pillar-gidsen

Diepgaande overzichten per thema

Toegangsbeheer

Access Management for SMBs: The Complete Guide (2026)

From your first access matrix to periodic reviews and directory sync — everything you need to know when your business grows beyond 10 people but you don't have an IT department yet.

3 min
Compliance

ISO 27001 for SMBs without €50k in consultancy fees

ISO 27001 is manageable once you understand the structure. Here's the minimum work a 30-person SMB needs to pass a Stage 2 audit, what it costs, and where consultants actually add value.

2 min
Offboarding

Watertight Offboarding in 12 Steps

Someone is leaving. In SMEs, this is where most data breaches begin. Here is a checklist that covers what you actually need to do — with deadlines, owners, and pitfalls.

2 min
Access reviews

Periodic access reviews: process, frequency, and audit evidence

An access review is an audit requirement that nearly every SMB struggles with. Once you set it up properly the first time, the second round won't cost you a whole week.

2 min
Microsoft 365 & Entra ID

Microsoft 365 governance for SMBs — pragmatic, not perfectionist

M365 is the largest piece of SaaS in most SMBs. This guide walks through the governance layers — identity, licensing, MFA, Conditional Access, data, retention — covering what's truly essential and what can wait.

2 min
Boekhouding & facturatie

SMB invoicing from quote to payment: the complete guide

Quote, invoice, reminder, demand letter, bookkeeping, VAT return. The entire chain explained for business owners who handle it themselves or with minimal accountant support.

2 min
AVG & privacy

GDPR Compliance for SMBs: The Practical Minimum

GDPR doesn't require a €10,000 project or a DPO for most small businesses. Here's what every SMB actually needs — based on what the Dutch DPA really checks for.

2 min
Security zonder IT-afdeling

Security for SMBs without an IT department: what should you do this quarter?

No IT team, but still accountable. This pillar gives you a priority stack: do this first, then that, then the less urgent stuff. Each item links to a deeper guide.

2 min
PDF redactie

PDF redaction for SMBs: the complete guide

Redacting a PDF means permanently removing sensitive data — not dragging a black box over it, which anyone can undo in 30 seconds. This guide explains the real process.

2 min
Tools & checks uitgelegd

VIES VAT number check: what it is, why it matters, and how to do it quickly

When you invoice a business in another EU country, you are often legally required to verify their VAT number via VIES. What is VIES, what does it check (and what doesn't it), and how do you maintain a proper audit trail?

4 min
Tools & checks uitgelegd

Checking an IBAN by name: why banks no longer do it automatically, and how to handle it yourself

Since 2024, Dutch banks no longer automatically verify the account holder's name against an IBAN for every payment. For business finance teams, that's a real risk — here's how to tackle it practically.

3 min

Recente artikelen

Toegangsbeheer

IT onboarding checklist: what needs to be ready on day 1?

The best first day is a boring one. Laptop works, accounts are ready, folders are shared. This checklist covers the typical SMB scenario of 12 systems and 4 roles.

2 min · 02 Nov 2025
AVG & privacy

Data Breach: When to Report, When Not To, Within 72 Hours

Not every incident is a data breach. Not every data breach needs to be reported to the AP. Here's the decision tree and a sample notification template.

2 min · 02 Nov 2025
Compliance

The PDCA Cycle Explained for Managers

Plan-Do-Check-Act sounds bureaucratic. In practice it means: write down what you do, do it, check whether it works, adjust accordingly. Here's the shortest useful explanation.

2 min · 02 Nov 2025
Online groeien

Growing your bathroom business: from website to AI

You don't have to build everything at once. Here's how your online presence grows alongside your business.

1 min · 30 Oct 2025
Boekhouding & facturatie

Invoice numbering policy: what works, what causes chaos?

Number sequences in 2026 might sound futuristic, but in practice I see an SMB struggling with missing or duplicate invoice numbers every single week. Here are the three patterns that actually work.

2 min · 30 Oct 2025
PDF redactie

Redacting court documents: the specific rules

When sharing court documents as a lawyer, party, or press agency, specific redaction rules apply. Names of minors, medical data, judicial considerations — here's how to handle it.

2 min · 28 Oct 2025
Microsoft 365 & Entra ID

Teams external guests: which settings define the risk profiles?

Teams guest access has three layers at once: organisation settings, team settings, and chat settings. Here's the mental model so you don't accidentally leave everything wide open.

2 min · 28 Oct 2025
Toegangsbeheer

Temporary access: how to grant it — and revoke it

A consultant for 6 weeks, a developer brought in just for the migration, a cover during maternity leave. Granting temporary access is easy — revoking it is where things go wrong.

2 min · 26 Oct 2025
Compliance

Setting up an incident log that auditors trust

An empty incident log is a red flag for auditors. It doesn't mean nothing went wrong — it means you're not recording it. Here's how to set up a log that actually works.

2 min · 26 Oct 2025
Security zonder IT-afdeling

Incident response plan for SMBs on 2 pages

An incident response plan doesn't have to be a 50-page document. Two pages covering who does what and when is enough — as long as everyone knows it.

2 min · 25 Oct 2025
AVG & privacy

Cookie Consent in 2026: What's Changed, What's Allowed, What Has to Go?

Cookie legislation has been actively enforced since 2023. Many legacy cookie banners no longer comply. Here are the current rules and the three-column model.

2 min · 25 Oct 2025
Boekhouding & facturatie

Invoice requirements in the Netherlands: what must you include?

The Dutch Tax Authority has a fixed list of requirements. Miss any of them and your customer can't reclaim VAT — and you risk issues during an audit. Here's the checklist.

2 min · 22 Oct 2025