National Information Security Experts

SafeHarbour, Dutch information security experts and consultants, have operated in the private sector since 2012. In just eight years, the company has garnered a reputation for extremely high service standards among its 275+ clients. Their reputation has made SafeHarbour a trusted resource for 80% of the municipalities in the Netherlands plus a number of healthcare organizations.

Chantal te Veer, Marketing Manager at SafeHarbour, outlined why the company focused its efforts in the government sector: “Information security at a government level is crucial for citizens of the Netherlands, ensuring total security in their systems will not only protect people’s privacy but provide peace of mind and trust when connecting their most valuable personal data with with government systems.”

Ready to Expand

SafeHarbour’s services can be time-consuming to establish though with more than 300 measures to take into account. Especially with many initial auditing processes being performed in time-consuming, error-prone systems like Excel, and email. For example, a Baseline Information Security Overview (or BIO) process follows 13 meticulous steps to evaluate the maturity of a client’s data protection. Each step is strictly controlled by SafeHarbour to meet and exceed ISO 27001 standards. However, a lot can still go wrong within these 13 steps.

Add GAP analysis, reporting, and risk management to their list of services and SafeHarbour’s consultants could spend up to a month implementing fundamental systems for an organization. With SafeHarbour planning to expand its client base rapidly, they needed access to a more time-efficient, modern process to support their clients.

“With guidelines and controls integrated in the IC control application, clients can cover all the bases and deliver valuable reporting in less than half the time.”

Pushing Data Security to New Heights

Ronald Driehuis, Software Engineer at SafeHarbour, wanted to combine their services in a single, central application that could be deployed directly into a client’s organization. After researching the RAD market, SafeHarbour chose Betty Blocks’ platform to develop its new tool due to the platform’s versatility which was needed to combine the various functions in one system.

In a meeting with Giel Jansen, Account Manager at Betty Blocks, Ronald outlined exactly what they needed from the IC Governance, Risk, and Control application. With it, SafeHarbour clients would use a dynamic questionnaire to enter their data which would automatically audit the organization’s safety compliance.

Using that audit, the application would then generate an in-depth GAP analysis that would lay out the necessary measures for municipalities to take. When used correctly, security and privacy officers would save 60% of their time spent performing risk assessments and focus more time on fixing existing problems.

Building their Centralized Tool

The development process itself was taken on by Betty Blocks’ service department in close collaboration with SafeHarbour. Both companies met frequently to prioritize features to be built in 2-week sprints, which were then put through user testing to ensure components were user-friendly and functional.

Over the course of the software development life cycle (from planning to deployment), new application functionality was added to the scope of the project due to feedback. User testing showed that an onboarding kit was needed to guide users through the implementation phase. This kit would teach organizations how to use the tool but also how to work securely going forward. For SafeHarbour, this would help them grow clients towards data maturity with less time investment needed.

Thanks to the speed and flexibility of no-code, the process of iterating on the original IC Control application could easily be included in the final version. Ultimately, SafeHarbour’s application was completed in 18 months, ready to be deployed into client organizations.