What Is ISO 27001:2022 and Why Do You Need It?
ISO 27001 is the leading international standard for information security management systems (ISMS). It helps organisations systematically protect information, manage risks, and build trust with customers, partners, and regulators.
The Baseline Informatiebeveiliging Overheid (BIO2) defines information security requirements for the Dutch public sector. We help (semi‑)government organisations implement and maintain compliance with BIO2 in a pragmatic and sustainable way.
What does IEC 62443 mean?
IEC 62443 is an international standard for cybersecurity in industrial automation and control systems (IACS/OT). We support organisations in integrating security‑by‑design and defense‑in‑depth concepts into their ICS and OT environments.
Does my organisation need to comply with NIS2, Cbw, or Wwke?
If your organisation is classified as an essential or important entity, or as a vital supplier, the NIS2 Directive and its Dutch implementation (Cbw) likely apply. In addition, if you qualify as a critical entity, the Critical Entities Resilience (CER) framework and its Dutch implementation (Wet weerbaarheid kritieke entiteiten, Wwke) may also be relevant. We advise and guide you through the entire compliance journey.
What Is a Risk Management Workshop (MAPGOOD, RAVIB)?
Our risk management workshops help you map and prioritize risks in a practical and structured way, based on proven methodologies such as MAPGOOD and RAVIB. This forms the foundation for effective risk treatment and governance.
Why implement an Information Security Awareness Program?
Human behaviour is a leading cause of security incidents. We design tailored awareness campaigns and training programs that increase employees’ understanding of cyber risks and promote secure, day‑to‑day behaviour.
What do ITIL best practices add to Cybersecurity?
ITIL best practices enhance cybersecurity by introducing structured processes for incident management, change control, and service continuity. This improves operational efficiency and strengthens overall information security governance.
What is an Assurance Report such as ISAE 3000 or SOC 2?
An independent assurance report (e.g., ISAE 3000 Type I/II or SOC 2) demonstrates to customers and partners that your services and controls meet recognized international standards for security and privacy.
What does an Internal Audit on ISO 27001 or BIO2 involve?
An internal audit is a periodic review to verify that your information security management system remains compliant, effective, and aligned with your objectives. We perform these audits in a structured and objective manner.
Can Resotech perform Risk‑Based Audits?
Yes. We design audits tailored to your organisation’s key risks and maturity level, focusing on the most critical assets, processes, and controls.
What does IT and ICS Interim Management involve?
Resotech provides temporary, expert support for key roles in ICT and industrial automation (OT). Depending on the phase of your project, we help you clearly define your challenges, identify improvement opportunities aligned with your business objectives, and guide the improvement trajectory. We develop a structured approach and take responsibility for (project) management in IT, OT, and cybersecurity. Together we realise solutions that increase efficiency, improve information flows and processes, implement a cybersecurity roadmap, or replace control systems. In short, Resotech delivers the expertise and execution power to drive your organisation forward in a sustainable way.
CISO as a Service: What does an external CISO of Resotech do?
An external CISO from Resotech provides the strategic expertise and oversight of a Chief Information Security Officer without the need for a full‑time appointment. With Resotech’s CISO as a Service, you receive temporary or part‑time support tailored to your organisation’s maturity level and objectives.
The Resotech CISO supports risk identification, defines a cybersecurity strategy and roadmap, and guides the implementation of security controls. In addition, they help ensure regulatory compliance, strengthen security awareness, and oversee incident management and improvement programs. This gives your organisation the right governance, expertise, and flexibility to build a secure and future‑proof information security posture.