Do you know where your client data is stored and who can access it?
Data breaches are no longer a distant concern. House of Data helps your organization with data processing agreements, ISO 27001, GDPR compliance, and a security strategy that works in practice.
Our data processing agreements have been in a drawer for years
Signed in 2019, never updated. You don't really know if they are still accurate or if your vendors comply.
We want ISO 27001 but don't know where to start
Your clients or tenders require certification, but it seems like an enormous undertaking. You need someone to make it manageable.
Who actually has access to our systems?
Former employees with active accounts, shared passwords, vendors with admin rights. You sense something is off, but lack oversight.
We should be GDPR-compliant, but we're going by feel
You have a privacy statement on the website, but internally there is no register, no procedures, and no deliberate policy. It feels vulnerable.
Security assessment
We map your current situation: data processing agreements, access management, data flows, risks. You receive a clear report with priorities and quick wins.
Policy and implementation
We help you draft policies, procedures, and technical measures. From data processing agreements to access management to backup strategy. Practical, not bureaucratic.
Certification and maintenance
If desired, we guide you to ISO 27001 certification. Afterwards, we help with periodic reviews and audits to ensure it doesn't become a paper tiger.
IT and data in our DNA
We are not compliance consultants checking boxes. We understand the technology behind the systems you want to secure.
Practice over paper
Compliance that only exists on paper is worthless. We ensure policies actually work in daily operations.
Current threat awareness
We follow current events and translate them into concrete measures for your organization.
From SME to enterprise
ISO 27001 experience in manufacturing, healthcare, and IT organizations. We scale the approach to your organization size.
Information security is not an IT project. It is good governance. We help you make it manageable, keep it concrete, and make it part of your daily practice.
What to expect
- Initial security assessment
- ISO 27001 experience in manufacturing and IT
- GDPR compliance and data processing agreements
- Practical approach, not a paper tiger
Direct Access
Maurits den Dunnen - Program Manager & ISO 27001
Technical backup: Herman Holterman (CTO)
Is ISO 27001 mandatory?
Not legally for most companies, but an increasing number of clients and tenders require it. It is also a strong signal to customers that you take information security seriously.
How long does an ISO 27001 program take?
For an SME, on average 4-6 months from start to certification audit. We make it manageable by dividing it into phases and focusing on what truly reduces risk.
We are a small company, is this relevant for us?
Absolutely. Small companies are often more vulnerable because they have fewer resources for security. We scale the approach to your situation. It doesn't have to be a large program.
How is this different from an IT security company?
We focus on policy, processes, and governance alongside technology. Many security companies provide firewalls and monitoring. We ensure your organization as a whole knows what to do, from board level to the work floor.