"Those who work well with standards run fewer risks and work more efficiently."

Cyberminute provides cybersecurity advice, unburdens companies on digital security and guides them through certification according to recognized standards. We spoke with Hans op 't Landt, director at Cyberminute, about the importance of standards, the NBN platform and how sustainability also plays an increasing role in their operations and advice.

Can you briefly outline what Cyberminute exactly does?

'We protect companies from cyber threats and guide them in achieving certifications. We help organizations with gap analyses, internal audits and implementations for certifications such as ISO 9001, ISO 27001 and ISO 22301. We also work around NIS2 and DORA [Digital Operational Resilience Act].'

How big is your organisation?

'We work with a permanent core of five people, surrounded by a flexible shell of sixteen to seventeen freelancers. In cybersecurity it is not easy to find talented people, so we are happy to be able to put together such a team.'

What is your role in the enterprise?

'I am one of the directors. On the one hand, I manage the consultants; on the other, I am responsible for business development. So I attract new customers. I also do implementations, because I want to stay in the business myself. That way I also understand the challenges our consultants face. It's hands-on management.

Do you manage standards within the organisation?

'We process the standards that are needed as a function of our customers. The consultants usually purchase the standards themselves through the NBN or through their own contacts. We also advise our clients to purchase the standards themselves, partly because of copyright. For an implementation or certification you need the standard anyway, because you need to be able to refer to specific passages. We bought all these standards in our private name, so we can consult them ourselves and use them correctly.'

Specifically, what standards do you use?

'The most important is ISO 27001 for information security. Other standards we use include ISO 22301 (business continuity), ISO 9001 (quality), ISO 14001 (environment), ISO 27701 (privacy), ISO 31000 (risk management) and ISO 42001 (artificial intelligence). We always buy what we need and make sure the customer also owns the standards.'

What do you use those standards for?

'Mainly as a reference tool and to check that our customers are applying the standards correctly. We use them to check whether the implementation is done properly. We don't get certified ourselves, but we guide clients through their process. And because we also provide training on these standards, we must of course master them perfectly.'

How did you get in touch with standards?

'Often the question arises from customers or partners. For example, "Can you help us achieve ISO 14001 or 27001?" Then again, NIS2 is required by law. But often these are voluntary choices, because companies want to improve themselves or follow a standard under pressure from customers.'

What do you think are the main reasons for using standards?

'The main reason is quality control. But standards also allow for better communication with customers and suppliers. Those who work well with standards run fewer risks and work more efficiently. There is also the aspect of conformity: a certificate gives customers assurance that you are working according to the rules. Moreover, standards keep you up-to-date: they bring you up to date with new developments. All that is of great value.

Do you notice differences in motivation among companies to work with standards?

'Certainly. When an Organisation is motivated to improve itself, the process goes a lot smoother and the added value is noticeable. But when a standard is only followed because a customer asks it, it often remains a dead letter. Then implementation is a lot harder.'

Are there also challenges in using standards?

'Of course. Cost is often mentioned, but I don't think that's an obstacle myself. For what you get out of it, it's a fair investment. A bigger challenge is knowledge. People buy a standard and think that's the end of it. But reading the standard and applying it are two different things. It's like driving a car: getting your license is one thing, but driving on the Brussels ring road is another. It takes time to interpret a standard and apply it to your own operation. That's what we help companies with.'

Do you use the NBN standards platform?

'Yes, regularly. It's very user-friendly: you quickly find what you're looking for, ordering goes smoothly and you get everything neatly as a download. It works fine, there's nothing negative to say about it.'

Are there features you find extra useful on the platform?

'The search function is really efficient. You enter a standard and you immediately find what you need. Ordering is easy. You can tell it's been well thought out.'

Do you have experience with NBN employees?

'Personally, I have never had to contact them - the website always works well. Customers who did contact them were always satisfied with the service. But so I have no direct experience with that myself. The fact that I don't need support mainly indicates that the platform works well.'

How is Cyberminute dealing with the challenges of our time?

'Sustainability is becoming increasingly important. ISO 27001 now includes a climate impact clause on policies. This forces organizations to think about their footprint. For example, we advise clients on the choice of data centers, electric cars and limiting travel. We ourselves make maximum use of Teams for short meetings. Physical contact remains important, but where possible, we opt for digital communication. We also work from flexible offices in Brussels and Zaventem. And we print as little as possible: we manage the standards digitally in the system. We also encourage our customers to do it this way. That way you limit paper use and avoid circulating outdated versions.'

Are you involved in standards development?

'No, not yet. This is mainly due to lack of time. We do want to put it on the agenda, because with our practical experience we can certainly make a useful contribution to standards committees. I myself am involved in academic research at Utrecht University on the resilience of SMEs. But standards development would be a logical next step.'

How do you see the future of standards in your industry?

'Standards continue to gain importance. Especially in cybersecurity, it is important to work according to a recognized framework. Customers are demanding more security, legislation is becoming stricter and digital threats are increasing. Standards help companies to prepare for this in a structured, credible and sustainable way.'

‍