Eerlijk Veilig for SMB

An honest security scan for Microsoft 365 and the rest of your digital workplace

We help small and mid-sized organizations understand their biggest IT security risks. Microsoft 365 is the starting point, but we also look at websites, domains, email, social media, Google services, SaaS, devices and AI use.

Starting point
Microsoft 365
Output
Scan + action plan
Next step
Sprint or review

No fear selling, no enterprise jargon and no compliance guarantees. Clear insight, practical priorities and help with execution.

Microsoft-first, not blind to the rest

The scan starts with Microsoft 365 and includes Google, website, social media, SaaS, devices and AI use.

Advice that can be executed

Every attention point gets priority, owner, evidence reference and a recommended next step.

Honest about certainty

The output is a readiness estimate. No legal conclusion, no certification and no false certainty.

Real sample output

See what you will actually receive

The anonymized sample report contains a management summary, traceable findings, evidence references and a 30/90-day plan. All data is fictional.

Open sample report (PDF)
Cover of the Eerlijk Veilig sample report

What the scan delivers

A compact dossier that helps management, IT and partners understand what should happen first.

Plain-language management summary

Practical wording, traceable to scan input and intended for human review.

Risk matrix with top attention points

Practical wording, traceable to scan input and intended for human review.

30-day action list and 90-day improvement plan

Practical wording, traceable to scan input and intended for human review.

Microsoft 365 and SMB footprint observations

Practical wording, traceable to scan input and intended for human review.

AI tool register and data risks

Practical wording, traceable to scan input and intended for human review.

Improvement Sprint proposal for quick wins

Practical wording, traceable to scan input and intended for human review.

AVG/GDPR and NIS2-readiness attention points

Practical wording, traceable to scan input and intended for human review.

From first call to improvement path

A small, clear process that fits the daily reality of an SMB.

1. Scope and intake

We define trigger, Microsoft 365 context, apps, critical data and the first customer or insurer questions.

2. Evidence-light scan

The operator reviews cyber basics, AI use, website, domain, social media, SaaS, backups and suppliers.

3. Discussable dossier

You get a management summary, risk matrix, action plan, assumptions, limitations and evidence references.

4. Improve and review

After the scan we can help with a scoped Improvement Sprint and then periodic review or light management.

Clear price range

Eerlijke Security Scan

EUR 1,750 - 2,750one-off, excluding VAT

The final price follows a short scope check. No subscription or tooling commitment.

Included

  • Scope call and guided intake
  • Evidence-light review of Microsoft 365 and core digital security
  • Management report, risk matrix and 30/90-day plan
  • Personal review meeting and proposed next steps

Not included

Penetration testing, forensics, legal review, certification or unlimited implementation.

Personal delivery

One accountable operator, not an anonymous dashboard

Wouter Gaarenstroom guides the intake, human review and handover. AI supports draft work, but no customer output is shared without substantive review.

  • One point of contact
  • Human review required
  • A discussable dossier within five business days

Who this is for

  • Dutch SMB organizations with roughly 20-250 employees
  • Companies using Microsoft 365 without an internal security team
  • Teams dealing with customer questions, cyber insurance, AI use or supplier risk

Honest about limitations

The scan is a practical readiness estimate. It does not replace legal advice, certification, penetration testing, forensic investigation or a formal audit.

First conversation

Tell us briefly what is happening

Five fields are enough for an initial assessment. The details are not stored in the Cockpit and are used only for a personal response.