
Knowledge Base Cybersecurity & Compliance

Practical articles and guides on ISO 27001, NIS2, DORA, GDPR and AI Governance - by certified experts for Dutch SMEs.

What is ISO 27001 and what does certification cost?
ISO Standards, 6 min read
ISO 27001 is the international standard for information security. Discover what it entails, how long it takes and what c...
Tags: ISO 27001, ISMS, Certification

NIS2: are you required to be compliant?
Compliance, 5 min read
NIS2 is mandatory for thousands of Dutch organisations. Check if you fall under the directive, what the requirements are...
Tags: NIS2, Compliance, Cybersecurity

What does a DPO do and when is it mandatory?
GDPR / Privacy, 5 min read
A Data Protection Officer (DPO) is mandatory for many organisations. Read what...
Tags: DPO, GDPR

DORA: digital resilience for the financial sector
Compliance, 5 min read
DORA has been in effect since January 2025 for financial institutions in the EU. Discover the five pillars, who falls under it...
Tags: DORA, Financial sector, ICT resilience

GDPR in practice for SMEs
GDPR / Privacy, 6 min read
GDPR compliance is not a luxury but an obligation for almost every business. Discover the ten most common pitfalls...
Tags: GDPR, SME

AI Governance: ISO 42001 explained
AI Governance, 5 min read
ISO 42001 is the first international standard for AI Management Systems. Discover why AI Governance is becoming increasingly urgent...
Tags: ISO 42001, AI Governance, EU AI Act

ISO 27001 Costs: What Do You Pay for Certification?
ISO Standards, 5 min read
Complete overview of all cost components for ISO 27001 certification: external audit, implementation, internal hours and GRC platform.
Tags: ISO 27001, Costs, SME

NIS2 & Suppliers: Supply Chain Responsibility
Compliance, 6 min read
What does NIS2 require of your supplier policy? Three levels of assessment and contractual requirements.
Tags: NIS2, Supply Chain, Cybersecurity Act

ISO 27001 vs NIS2: Differences & Overlap
Compliance, 5 min read
Comparison of both frameworks: where do they overlap and what does NIS2 require beyond ISO 27001?
Tags: ISO 27001, NIS2, Comparison

ISO 27001 Step-by-Step: 10 Steps to Certification
ISO Standards, 7 min read
From management commitment to certificate: a practical plan including timeline and common mistakes.
Tags: ISO 27001, Step-by-Step, ISMS

Data Processing Agreement: Complete Guide (GDPR)
GDPR / Privacy, 5 min read
Everything about DPAs: mandatory content, common mistakes and the relationship with ISO 27001.
Tags: GDPR, DPA, Privacy

DORA vs NIS2: Which Legislation Applies to You?
Compliance, 6 min read
DORA and NIS2 compared for the financial sector: scope, incident reporting, testing and third parties.
Tags: DORA, NIS2, Financial Sector

Compliance support for your organisation?

Our experts help you through all steps of compliance implementation, from gap analysis to certification.

Free Advisory Meeting

Structured by compliance domain

The knowledge base is divided by compliance domain so you can quickly find the right article. Under ISO 27001 you will find practical step-by-step plans, example Statement of Applicability (SoA) documents and an explanation of the Annex A controls. The NIS2 section covers the Dutch Cybersecurity Act, the reporting obligations and the duty of care. The DORA section focuses on ICT risk management in the financial sector. We also publish on GDPR and AI Governance (ISO 42001).

Written for practice

Our articles are written by consultants certified as CISSP, CISA and ISO 27001 Lead Implementer. We combine theory with examples from real implementations at SME+ organisations. Each article ends with a clear call-to-action or next step so you know what to do next. Where relevant we refer to official sources such as the NCSC, the Dutch Data Protection Authority, NEN and ENISA.

For management, CISO and IT teams

The knowledge base addresses multiple roles. For management and executives there are strategic overviews and cost indications. For the CISO or Security Officer there are implementation guides and control matrices. For IT teams we publish technical deep-dives on topics such as hardening, logging and incident response. Everyone works from the same source material, at the depth appropriate to their role.

Frequently Asked Questions

How often are the articles updated?

We review core articles at least twice a year, or sooner when legislation changes. The publication and revision dates are always shown at the top of each article. Major updates (for example around the implementation of the Cybersecurity Act or the AI Act) get a changelog.

Can I suggest a topic?

Of course. You can suggest topics through the contact form. The best articles often come from questions we receive during customer projects. Send in your question and, where possible, we will publish an answer that is also useful for other organisations.

Are the articles also suitable for non-technical readers?

Yes. Each article opens with a clear summary and a TL;DR section for non-technical readers. In-depth sections are always optional and clearly marked, so managers and executives only need to read the strategic part.