richardk/iso27diy-corp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

removed emoji from filenames, Obsidian changed all relevant links

Browse source
This commit is contained in:
Richard Kranendonk 2026-05-07 15:01:04 +02:00
parent d316285a74
commit 68f1c38681
638 changed files with 710 additions and 3176 deletions
Download patch file Download diff file Expand all files Collapse all files

471
Clients/Gastenhuis/Gastenhuis Projectaanpak.canvas Normal file
View file

@ -0,0 +1,471 @@
{
"nodes":[
{"id":"09f6d6c1e8efb6e6","type":"group","x":-460,"y":1080,"width":1160,"height":620,"label":"Beleid voor Uitvoering (H8)"},
{"id":"7a48b34c6273cdae","type":"group","x":-460,"y":-580,"width":1160,"height":540,"label":"Context, Strategie en Leiderschap (H4, H5)"},
{"id":"6110ac3efe0e4494","type":"group","x":-460,"y":560,"width":1160,"height":400,"label":"PDCA voor Risicomanagement met de Canvas Methode (H8.2, H8.3)"},
{"id":"07178dd4253722ab","type":"group","x":-460,"y":80,"width":1160,"height":360,"label":"Risico's en Maatregelen (H6)"},
{"id":"288cd10d35aa383a","type":"group","x":300,"y":1800,"width":400,"height":360,"label":"Evaluatie en Verbetering (H9, H10)"},
{"id":"1520dd2bd87611ec","type":"group","x":-80,"y":1800,"width":339,"height":360,"label":"Documentatie (H7.5)"},
{"id":"1cd9769688fd69c3","type":"group","x":-460,"y":1800,"width":330,"height":360,"label":"Ondersteuning (H7.1-4)"},
{
"id":"82679ef2d10465f6",
"type":"text",
"text":"Asset Inventarisatie (A5.9)",
"styleAttributes":{},
"x":320,
"y":110,
"width":340,
"height":80
},
{
"id":"90146875843a9610",
"type":"text",
"text":"Dataclassificatie (A5.12)",
"styleAttributes":{},
"x":320,
"y":220,
"width":340,
"height":80
},
{
"id":"f967f99a6d088039",
"type":"text",
"text":"Rollen en Verantw.heden (A5.2-5.4)",
"styleAttributes":{},
"x":-50,
"y":330,
"width":340,
"height":80
},
{
"id":"53437152acfbfaa1",
"type":"text",
"text":"Planning Maatregelen (H8.1)",
"styleAttributes":{},
"x":320,
"y":330,
"width":340,
"height":80
},
{
"id":"4c92dc5b2f76a9a5",
"type":"text",
"text":"Risicoinventarisatie (H6.1.2)",
"styleAttributes":{},
"x":-50,
"y":110,
"width":340,
"height":80
},
{
"id":"4db47e26ac77f040",
"type":"text",
"text":"Penetratie test (A5.35, A8.8)",
"styleAttributes":{
"textAlign":null
},
"x":-420,
"y":220,
"width":340,
"height":80
},
{
"id":"872cfd9071333367",
"type":"text",
"text":"Risicoanalyse (H6.1.2)",
"styleAttributes":{},
"x":-50,
"y":220,
"width":340,
"height":80
},
{
"id":"40e49243a6b68dcb",
"type":"text",
"text":"Identificeren Maatregelen (H6.1.3)",
"styleAttributes":{},
"x":-420,
"y":330,
"width":340,
"height":80
},
{
"id":"464dfc9a3def80c2",
"type":"text",
"text":"Dreigingsanalyse (A5.7)",
"styleAttributes":{},
"x":-420,
"y":110,
"width":340,
"height":80
},
{
"id":"41e3b0bc38d8de84",
"type":"text",
"text":"SWOT analyse (H4.1)",
"styleAttributes":{},
"x":-420,
"y":-340,
"width":340,
"height":80
},
{
"id":"763fb2036c5dbdde",
"type":"text",
"text":"DESTEP analyse (H4.2)",
"styleAttributes":{},
"x":-50,
"y":-340,
"width":340,
"height":80
},
{
"id":"c8f64dbe95f776d2",
"type":"text",
"text":"Planning ISMS (H6.1.1)",
"styleAttributes":{"textAlign":"center"},
"x":-420,
"y":-140,
"width":1080,
"height":60
},
{
"id":"047bf657e7c0381f",
"type":"text",
"text":"Functiehuis (H4.1)",
"styleAttributes":{},
"x":-420,
"y":-240,
"width":340,
"height":80
},
{
"id":"a3402198a7fa4e49",
"type":"text",
"text":"Bedrijfsprocessen (H4.1)",
"styleAttributes":{},
"x":-50,
"y":-240,
"width":340,
"height":80
},
{
"id":"0b7306dec1c85f8d",
"type":"text",
"text":"Stakeholder analyse (H4.2)",
"styleAttributes":{},
"x":320,
"y":-340,
"width":340,
"height":80
},
{
"id":"4d7c1e2e9e3b5995",
"type":"text",
"text":"Wet- en Regelgeving\n(H4.2, A5.31-34)",
"styleAttributes":{},
"x":320,
"y":-240,
"width":340,
"height":80
},
{
"id":"39689fc26569c699",
"type":"text",
"text":"Besturingsmodel (H4.1)",
"styleAttributes":{},
"x":-50,
"y":-440,
"width":340,
"height":80
},
{
"id":"a36ad925134021b2",
"type":"text",
"text":"Management Workshop\n(H7.3, A6.3, A6.9)",
"styleAttributes":{},
"x":320,
"y":-440,
"width":340,
"height":80
},
{
"id":"2706559829c7a060",
"type":"text",
"text":"Risicobereidheid (H6.1.2)",
"styleAttributes":{},
"x":-420,
"y":-440,
"width":340,
"height":80
},
{
"id":"1f0798149501d740",
"type":"text",
"text":"Bepalen Doelstellingen (H6.2)",
"styleAttributes":{},
"x":-420,
"y":-540,
"width":340,
"height":80
},
{
"id":"f0b8fe39fe16ba4e",
"type":"text",
"text":"Bepalen Scope (H4.3)",
"styleAttributes":{},
"x":-50,
"y":-540,
"width":340,
"height":80
},
{
"id":"6a322f5cf5bd3f6a",
"type":"text",
"text":"Informatiebeveiligingsbeleid (H5.2)",
"styleAttributes":{},
"x":320,
"y":-540,
"width":340,
"height":80
},
{
"id":"549f8f6976e2591a",
"type":"text",
"text":"Documentatie (H7.5.2)",
"styleAttributes":{},
"x":-60,
"y":1840,
"width":280,
"height":80
},
{
"id":"a2d22052ff7096c5",
"type":"text",
"text":"Review kalender (H7.5.2)",
"styleAttributes":{},
"x":-60,
"y":1940,
"width":280,
"height":80
},
{
"id":"0968542472225677",
"type":"text",
"text":"Communicatieplan (H7.4)",
"styleAttributes":{},
"x":-60,
"y":2040,
"width":280,
"height":80
},
{
"id":"273d40cfef57c393",
"type":"text",
"text":"Audits en Reviews (H9.2, A.5.35-36)",
"styleAttributes":{},
"x":320,
"y":1840,
"width":280,
"height":80
},
{
"id":"28b11a96eef5c2b0",
"type":"text",
"text":"Management Review (H9.3)",
"styleAttributes":{},
"x":320,
"y":1940,
"width":280,
"height":80
},
{
"id":"0a5dc3ad69ffafc2",
"type":"text",
"text":"Beschikbaarstellen Middelen (H7.1)",
"styleAttributes":{},
"x":-440,
"y":1840,
"width":280,
"height":80
},
{
"id":"1e34a0d420b8cfcd",
"type":"text",
"text":"Competenties (H7.2)",
"styleAttributes":{},
"x":-440,
"y":1940,
"width":280,
"height":80
},
{
"id":"13dcb395f4d8f739",
"type":"text",
"text":"Afwijkingen en Correcties (H10.1)",
"styleAttributes":{},
"x":320,
"y":2040,
"width":280,
"height":80
},
{
"id":"d5be08d2d1baa414",
"type":"text",
"text":"Toegangsbeleid\n(A5.15-18, A8.2-5)",
"styleAttributes":{},
"x":-420,
"y":1344,
"width":340,
"height":80
},
{
"id":"314b04a8959f6fb5",
"type":"text",
"text":"Device management\n(A7.9-7.10, A8.1, 8.7)",
"styleAttributes":{},
"x":-420,
"y":1445,
"width":340,
"height":90
},
{
"id":"572c91765b41f7f3",
"type":"text",
"text":"Selectie en implementatie van technologie (A5.8, A5.23, A8.26-33, A.5.38-39, A7.13-14)",
"styleAttributes":{},
"x":-40,
"y":1344,
"width":340,
"height":80
},
{
"id":"79a0be9c6f598831",
"type":"text",
"text":"Leveranciersmanagement (A5.19-A5.23, A8.29)",
"styleAttributes":{},
"x":320,
"y":1344,
"width":340,
"height":80
},
{
"id":"68a6efa1a776c676",
"type":"text",
"text":"Fysieke beveiliging\n(A7.1-7.8, 7.12)",
"styleAttributes":{},
"x":-40,
"y":1445,
"width":340,
"height":90
},
{
"id":"d3b8c88bc841e209",
"type":"text",
"text":"Business Impact Analyse (A5.29-5.30)",
"styleAttributes":{},
"x":-40,
"y":1120,
"width":340,
"height":80
},
{
"id":"853301ab7242b5ef",
"type":"text",
"text":"Gebruikersbeleid\n(A5.10-14, A5.37, A5.40, A6.7-6.8, A7.7, A8.24)",
"styleAttributes":{},
"x":-40,
"y":1235,
"width":340,
"height":80
},
{
"id":"1e6b25bf6dcb833e",
"type":"text",
"text":"Bedrijfscontinuïteitsplan (A5.29-5.30, A5.42, A7.11)",
"styleAttributes":{},
"x":320,
"y":1120,
"width":340,
"height":80
},
{
"id":"94c365431ffd100e",
"type":"text",
"text":"Bewustzijn en training\n(H7.3, A6.3)",
"styleAttributes":{},
"x":320,
"y":1235,
"width":340,
"height":80
},
{
"id":"eaa3c32d191b350e",
"type":"text",
"text":"Personeelsbeleid\n(A6.1-6.6)",
"styleAttributes":{},
"x":-420,
"y":1235,
"width":340,
"height":80
},
{
"id":"4184e9e168fd5fdf",
"type":"text",
"text":"Beleid overige maatregelen (A5.1)",
"styleAttributes":{},
"x":-420,
"y":1565,
"width":340,
"height":90
},
{
"id":"6273a5aafc2f54d2",
"type":"text",
"text":"ICT Beheer (A8.7-8.35)",
"styleAttributes":{},
"x":320,
"y":1445,
"width":340,
"height":90
},
{
"id":"360024c970e70d34",
"type":"text",
"text":"Implementatie maatregelen (H8.3)",
"styleAttributes":{"textAlign":"center"},
"x":-40,
"y":1565,
"width":700,
"height":90
},
{
"id":"ff8f4d59b9462109",
"type":"text",
"text":"Incidentenbeheer \n(A5.24-29, A5.43, A6.8)",
"styleAttributes":{},
"x":-420,
"y":1120,
"width":340,
"height":80
},
{
"id":"8cf31932e32c4d1c",
"type":"text",
"text":"Continue verbetering (H10.1)",
"styleAttributes":{"textAlign":"center"},
"x":-408,
"y":880,
"width":1068,
"height":60
},
{"id":"ddfc9917c2c7fc66","type":"file","file":"iso27diy-corp/Corpus/Attachments/Canvas Cyclus.png","x":-408,"y":620,"width":278,"height":200},
{"id":"27d02011ccccb4c0","type":"file","file":"iso27diy-corp/Corpus/Attachments/Canvas Cyclus.png","x":-19,"y":620,"width":278,"height":200},
{"id":"6c394a4088d586b3","type":"file","file":"iso27diy-corp/Corpus/Attachments/Canvas Cyclus.png","x":382,"y":620,"width":278,"height":200}
],
"edges":[],
"metadata":{
"version":"1.0-1.0",
"frontmatter":{}
}
}

471
Clients/Gastenhuis/Gastenhuis Projectaanpak.canvas copy Normal file
View file

@ -0,0 +1,471 @@
{
"nodes":[
{"id":"09f6d6c1e8efb6e6","type":"group","x":-460,"y":1080,"width":1160,"height":620,"label":"Beleid voor Uitvoering (H8)"},
{"id":"7a48b34c6273cdae","type":"group","x":-460,"y":-580,"width":1160,"height":540,"label":"Context, Strategie en Leiderschap (H4, H5)"},
{"id":"6110ac3efe0e4494","type":"group","x":-460,"y":560,"width":1160,"height":400,"label":"PDCA voor Risicomanagement met de Canvas Methode (H8.2, H8.3)"},
{"id":"07178dd4253722ab","type":"group","x":-460,"y":80,"width":1160,"height":360,"label":"Risico's en Maatregelen (H6)"},
{"id":"288cd10d35aa383a","type":"group","x":300,"y":1800,"width":400,"height":360,"label":"Evaluatie en Verbetering (H9, H10)"},
{"id":"1520dd2bd87611ec","type":"group","x":-80,"y":1800,"width":339,"height":360,"label":"Documentatie (H7.5)"},
{"id":"1cd9769688fd69c3","type":"group","x":-460,"y":1800,"width":330,"height":360,"label":"Ondersteuning (H7.1-4)"},
{
"id":"82679ef2d10465f6",
"type":"text",
"text":"Asset Inventarisatie (A5.9)",
"styleAttributes":{},
"x":320,
"y":110,
"width":340,
"height":80
},
{
"id":"90146875843a9610",
"type":"text",
"text":"Dataclassificatie (A5.12)",
"styleAttributes":{},
"x":320,
"y":220,
"width":340,
"height":80
},
{
"id":"f967f99a6d088039",
"type":"text",
"text":"Rollen en Verantw.heden (A5.2-5.4)",
"styleAttributes":{},
"x":-50,
"y":330,
"width":340,
"height":80
},
{
"id":"53437152acfbfaa1",
"type":"text",
"text":"Planning Maatregelen (H8.1)",
"styleAttributes":{},
"x":320,
"y":330,
"width":340,
"height":80
},
{
"id":"4c92dc5b2f76a9a5",
"type":"text",
"text":"Risicoinventarisatie (H6.1.2)",
"styleAttributes":{},
"x":-50,
"y":110,
"width":340,
"height":80
},
{
"id":"4db47e26ac77f040",
"type":"text",
"text":"Penetratie test (A5.35, A8.8)",
"styleAttributes":{
"textAlign":null
},
"x":-420,
"y":220,
"width":340,
"height":80
},
{
"id":"872cfd9071333367",
"type":"text",
"text":"Risicoanalyse (H6.1.2)",
"styleAttributes":{},
"x":-50,
"y":220,
"width":340,
"height":80
},
{
"id":"40e49243a6b68dcb",
"type":"text",
"text":"Identificeren Maatregelen (H6.1.3)",
"styleAttributes":{},
"x":-420,
"y":330,
"width":340,
"height":80
},
{
"id":"464dfc9a3def80c2",
"type":"text",
"text":"Dreigingsanalyse (A5.7)",
"styleAttributes":{},
"x":-420,
"y":110,
"width":340,
"height":80
},
{
"id":"41e3b0bc38d8de84",
"type":"text",
"text":"SWOT analyse (H4.1)",
"styleAttributes":{},
"x":-420,
"y":-340,
"width":340,
"height":80
},
{
"id":"763fb2036c5dbdde",
"type":"text",
"text":"DESTEP analyse (H4.2)",
"styleAttributes":{},
"x":-50,
"y":-340,
"width":340,
"height":80
},
{
"id":"c8f64dbe95f776d2",
"type":"text",
"text":"Planning ISMS (H6.1.1)",
"styleAttributes":{"textAlign":"center"},
"x":-420,
"y":-140,
"width":1080,
"height":60
},
{
"id":"047bf657e7c0381f",
"type":"text",
"text":"Functiehuis (H4.1)",
"styleAttributes":{},
"x":-420,
"y":-240,
"width":340,
"height":80
},
{
"id":"a3402198a7fa4e49",
"type":"text",
"text":"Bedrijfsprocessen (H4.1)",
"styleAttributes":{},
"x":-50,
"y":-240,
"width":340,
"height":80
},
{
"id":"0b7306dec1c85f8d",
"type":"text",
"text":"Stakeholder analyse (H4.2)",
"styleAttributes":{},
"x":320,
"y":-340,
"width":340,
"height":80
},
{
"id":"4d7c1e2e9e3b5995",
"type":"text",
"text":"Wet- en Regelgeving\n(H4.2, A5.31-34)",
"styleAttributes":{},
"x":320,
"y":-240,
"width":340,
"height":80
},
{
"id":"39689fc26569c699",
"type":"text",
"text":"Besturingsmodel (H4.1)",
"styleAttributes":{},
"x":-50,
"y":-440,
"width":340,
"height":80
},
{
"id":"a36ad925134021b2",
"type":"text",
"text":"Management Workshop\n(H7.3, A6.3, A6.9)",
"styleAttributes":{},
"x":320,
"y":-440,
"width":340,
"height":80
},
{
"id":"2706559829c7a060",
"type":"text",
"text":"Risicobereidheid (H6.1.2)",
"styleAttributes":{},
"x":-420,
"y":-440,
"width":340,
"height":80
},
{
"id":"1f0798149501d740",
"type":"text",
"text":"Bepalen Doelstellingen (H6.2)",
"styleAttributes":{},
"x":-420,
"y":-540,
"width":340,
"height":80
},
{
"id":"f0b8fe39fe16ba4e",
"type":"text",
"text":"Bepalen Scope (H4.3)",
"styleAttributes":{},
"x":-50,
"y":-540,
"width":340,
"height":80
},
{
"id":"6a322f5cf5bd3f6a",
"type":"text",
"text":"Informatiebeveiligingsbeleid (H5.2)",
"styleAttributes":{},
"x":320,
"y":-540,
"width":340,
"height":80
},
{
"id":"549f8f6976e2591a",
"type":"text",
"text":"Documentatie (H7.5.2)",
"styleAttributes":{},
"x":-60,
"y":1840,
"width":280,
"height":80
},
{
"id":"a2d22052ff7096c5",
"type":"text",
"text":"Review kalender (H7.5.2)",
"styleAttributes":{},
"x":-60,
"y":1940,
"width":280,
"height":80
},
{
"id":"0968542472225677",
"type":"text",
"text":"Communicatieplan (H7.4)",
"styleAttributes":{},
"x":-60,
"y":2040,
"width":280,
"height":80
},
{
"id":"273d40cfef57c393",
"type":"text",
"text":"Audits en Reviews (H9.2, A.5.35-36)",
"styleAttributes":{},
"x":320,
"y":1840,
"width":280,
"height":80
},
{
"id":"28b11a96eef5c2b0",
"type":"text",
"text":"Management Review (H9.3)",
"styleAttributes":{},
"x":320,
"y":1940,
"width":280,
"height":80
},
{
"id":"0a5dc3ad69ffafc2",
"type":"text",
"text":"Beschikbaarstellen Middelen (H7.1)",
"styleAttributes":{},
"x":-440,
"y":1840,
"width":280,
"height":80
},
{
"id":"1e34a0d420b8cfcd",
"type":"text",
"text":"Competenties (H7.2)",
"styleAttributes":{},
"x":-440,
"y":1940,
"width":280,
"height":80
},
{
"id":"13dcb395f4d8f739",
"type":"text",
"text":"Afwijkingen en Correcties (H10.1)",
"styleAttributes":{},
"x":320,
"y":2040,
"width":280,
"height":80
},
{
"id":"d5be08d2d1baa414",
"type":"text",
"text":"Toegangsbeleid\n(A5.15-18, A8.2-5)",
"styleAttributes":{},
"x":-420,
"y":1344,
"width":340,
"height":80
},
{
"id":"314b04a8959f6fb5",
"type":"text",
"text":"Device management\n(A7.9-7.10, A8.1, 8.7)",
"styleAttributes":{},
"x":-420,
"y":1445,
"width":340,
"height":90
},
{
"id":"572c91765b41f7f3",
"type":"text",
"text":"Selectie en implementatie van technologie (A5.8, A5.23, A8.26-33, A.5.38-39, A7.13-14)",
"styleAttributes":{},
"x":-40,
"y":1344,
"width":340,
"height":80
},
{
"id":"79a0be9c6f598831",
"type":"text",
"text":"Leveranciersmanagement (A5.19-A5.23, A8.29)",
"styleAttributes":{},
"x":320,
"y":1344,
"width":340,
"height":80
},
{
"id":"68a6efa1a776c676",
"type":"text",
"text":"Fysieke beveiliging\n(A7.1-7.8, 7.12)",
"styleAttributes":{},
"x":-40,
"y":1445,
"width":340,
"height":90
},
{
"id":"d3b8c88bc841e209",
"type":"text",
"text":"Business Impact Analyse (A5.29-5.30)",
"styleAttributes":{},
"x":-40,
"y":1120,
"width":340,
"height":80
},
{
"id":"853301ab7242b5ef",
"type":"text",
"text":"Gebruikersbeleid\n(A5.10-14, A5.37, A5.40, A6.7-6.8, A7.7, A8.24)",
"styleAttributes":{},
"x":-40,
"y":1235,
"width":340,
"height":80
},
{
"id":"1e6b25bf6dcb833e",
"type":"text",
"text":"Bedrijfscontinuïteitsplan (A5.29-5.30, A5.42, A7.11)",
"styleAttributes":{},
"x":320,
"y":1120,
"width":340,
"height":80
},
{
"id":"94c365431ffd100e",
"type":"text",
"text":"Bewustzijn en training\n(H7.3, A6.3)",
"styleAttributes":{},
"x":320,
"y":1235,
"width":340,
"height":80
},
{
"id":"eaa3c32d191b350e",
"type":"text",
"text":"Personeelsbeleid\n(A6.1-6.6)",
"styleAttributes":{},
"x":-420,
"y":1235,
"width":340,
"height":80
},
{
"id":"4184e9e168fd5fdf",
"type":"text",
"text":"Beleid overige maatregelen (A5.1)",
"styleAttributes":{},
"x":-420,
"y":1565,
"width":340,
"height":90
},
{
"id":"6273a5aafc2f54d2",
"type":"text",
"text":"ICT Beheer (A8.7-8.35)",
"styleAttributes":{},
"x":320,
"y":1445,
"width":340,
"height":90
},
{
"id":"360024c970e70d34",
"type":"text",
"text":"Implementatie maatregelen (H8.3)",
"styleAttributes":{"textAlign":"center"},
"x":-40,
"y":1565,
"width":700,
"height":90
},
{
"id":"ff8f4d59b9462109",
"type":"text",
"text":"Incidentenbeheer \n(A5.24-29, A5.43, A6.8)",
"styleAttributes":{},
"x":-420,
"y":1120,
"width":340,
"height":80
},
{
"id":"8cf31932e32c4d1c",
"type":"text",
"text":"Continue verbetering (H10.1)",
"styleAttributes":{"textAlign":"center"},
"x":-408,
"y":880,
"width":1068,
"height":60
},
{"id":"ddfc9917c2c7fc66","type":"file","file":"📎 Attachments/Canvas Cyclus.png","x":-408,"y":620,"width":278,"height":200},
{"id":"27d02011ccccb4c0","type":"file","file":"📎 Attachments/Canvas Cyclus.png","x":-19,"y":620,"width":278,"height":200},
{"id":"6c394a4088d586b3","type":"file","file":"📎 Attachments/Canvas Cyclus.png","x":382,"y":620,"width":278,"height":200}
],
"edges":[],
"metadata":{
"version":"1.0-1.0",
"frontmatter":{}
}
}

41
Clients/Gastenhuis/Gastenhuis kennismaking.md Normal file
View file

@ -0,0 +1,41 @@
---
tags:
- client/Gastenhuis
created: 2025-06-11
---
11 juni 2025
René Leideritz, kwaliteit, innovatie en zorginkoop
Mark Stevenaar, bestuurder/CFO, portefeuillehouder IT
via Onno Adolfs van Sigra.
Willen NEN 7510, vallen naar eigen mening als zorgorganisatie onder NIS 2
Kwaliteitsmanagement ISO 9001 gecertificeerd
400 man, 30 locaties, 30 medewerkers op kantoor
Bewust zeer kleine overhead
Operationeel MT, 4 regiomanagers olv de operationeel directeur
Decentrale werving van klanten en medewerkers
Groeistrategie
Uitdagingen zijn beleidsvorming, decentrale organisatie 'blinde vlekken, zicht en controle'
Interne IT manager (freelance 3 dagen per week): accountbeheer, SSO, active directory
Privacy Officer
2 applicatiebeheerders
IT MSP is [Steenkamp](https://steenkampict.nl)
MSSP is [Eye Security](https://www.eye.security/solutions)
AFAS voor HR
ONS van Nedap voor clientdossier en administratie
Axxerion FMIS QLink
Na even nadenken volgen er nog zo'n 6 applicaties
Belangrijke vraag is wie er toegang moeten krijgen tot ONS: de rijdende tandarts, fysio, huisarts, etc.

78
Clients/Gastenhuis/Voorstel Gastenhuis.md Normal file
View file

@ -0,0 +1,78 @@
---
tags:
- client/Gastenhuis
created: 2025-11-19
---
## Aanleiding
Het Gastenhuis is als zorginstelling verplicht te voldoen aan de NEN 7510 en de NIS 2. Het management heeft vastgesteld dat er intern onvoldoende capaciteit is, om het managementsysteem op te zetten en de maatregelen te implementeren, waarmee aan die verplichting voldaan wordt. Daarom zoekt Het Gastenhuis projectbegeleiding en advisering met als doel een NEN 7510 certificering te behalen, en de aanvullende zaken te implementeren die nodig zijn vanuit de NIS 2.
## Situatie
_Het Gastenhuis biedt een liefdevol thuis aan mensen met dementie en recht op 24-uurs zorg. Kleinschalig, open en midden in de maatschappij met locaties door heel Nederland.”_
Om dit te kunnen bieden heeft Het Gastenhuis er voor gekozen de 'overhead' zo klein mogelijk te houden. Dit uit zich onder andere in een, in verhouding, klein hoofdkantoor[^1] en aan de regio's gedelegeerde verantwoordelijkheden[^2]. De werving van klanten en medewerkers, bijvoorbeeld, is decentraal belegd.
Als uitdagingen voor het implementeren van de NEN 7510 en de NIS 2 worden beleidsvorming genoemd en het beperkte zicht op risico's in de decentrale organisatie.
## Relevante organisatiekenmerken
In het gesprek tussen René Leideritz, Mark Stevenaar en Richard Kranendonk op 11 juni jl. zijn de volgende zaken benoemd:
- Het Gastenhuis heeft een ISO 9001 certificering voor haar kwaliteitsmanagement de organisatie is dus bekend met het systematisch en gedocumenteerd beheersen van risico's en heeft daarin een hoge procesvolwassenheid.
- Er is ongeveer 400 man personeel, verdeeld over 30 locaties en het hoofdkantoor.
- Besluiten worden genomen in het Operationeel MT, bestaande uit 4 regiomanagers o.l.v. de operationeel directeur.
- Er is een Privacy Officer en een interne IT manager, die zich voornamelijk richt op het beheer van accounts, de Active Directory, en de implementatie van SSO.
- De belangrijkste applicaties zijn AFAS-HR, Nedap-ONS en Axxerion.
- Er zijn 2 applicatiebeheerders.
- Het beheer van de werkplekken en de Microsoft omgeving is belegd bij Steenkamp Automatisering.
- Eye Security levert IT-beveiligingsdiensten.
## Uitgangspunten voorstel
Voor de implementatie van NEN 7510 en de NIS 2 binnen Het Gastenhuis stellen we de volgende uitgangspunten voor:
- Procesgerelateerde risico's worden zoveel mogelijk opgepakt waar ze ontstaan: in de regio's; technische risico's worden centraal gemanaged.
- Hiervoor wordt de Canvas Methode voor Informatieveiligheid ingezet, waarmee zowel centraal als decentraal een PDCA-cyclus[^3] voor voortdurende verbetering geïmplementeerd wordt.
- Introductie van een eenvoudig rapportage-model voor zicht op decentrale risico's en maatregelen (onderdeel van de Canvas Methode).
- Centrale beleidsvorming, gedragen door de regio's (via het Operationeel MT).
- Hanteren van een groeimodel: starten met beleidsvorming en implementatie op onderwerpen waar de organisatie direct voordeel van heeft. Gaandeweg vullen we de details in conform Bijlage A / NEN 7510-2.
- Werken met wat er al is: op veel onderdelen zal al werk verricht zijn (bijv. vanuit ISO 9001), we gebruiken dat om verder op te bouwen.
De scope van het bovenstaande is uiteraard informatieveiligheid.
## Aanpak
- Context
- functieboek
- processenboek
- applicatielandschap
- governance model
- Asset inventarisatie
- Strategie
- risicobereidheid
- Risico-inventarisatie
- gebruik van openbare dreigingsanalyses en best practices
- interviews met stakeholders
- Inventarisatie 'prior work'
## Ontwikkelaanpak
We doen een risicoanalyse. We schrijven op hoe we dat gedaan hebben, en wie er verantwoordelijk is. (Daarbij sluiten we aan op wat er al aan rollen in de organisatie beschreven is) Dan hebben we een Beleid Risico analyse. Daarin staat ook periodiek gaan herhalen, dat schrijven we op de kalender
Zelfde voorbeeld voor data classificatie
Waarom schrijf ik steeds we? Isms is cyclus. Dat betekent dat jullie de activiteiten periodiek moeten herhalen, en dus zelf moeten kunnen uitvoeren (als je overhead wil besparen). De beste manier is jullie actief te betrekken in de totstandkoming. Ook voor het draagvlak en vergroten van awareness en eigenaarschap
Door de inzet van de Canvas Methode voor Informatieveiligheid ontstaat ook het bewustzijn van de noodzaak van de maatregelen, het belang daarvan voor de continuiteit en de zorg, dichtg op de eigen processen, en eigenaarscahp.
## Plaatje
Opmerking: naamgeving en indeling zijn licht gewijzigd voor de duidelijkheid van dit diagram
## Bijlage: de Canvas Methode voor Informatieveiligheid
[^1]: ca. 30 medewerkers in Amsterdam.
[^2]: thans 4 regio's en evenzoveel regiodirecteuren.
[^3]: Plan - Do - Check - Act, ook wel de Deming Cyclus