A Low-Threshold Way to Get Started with Security

Ivar van Duuren, Co-founder of ISOPlanner

ISOPlanner is a user-friendly Software-as-a-Service (SaaS) solution that helps organisations manage ISO compliance within the Microsoft 365 environment. By integrating with tools such as SharePoint, Outlook, and Teams, companies can efficiently comply with standards such as ISO 27001, NEN, and the NIS2 Quality Mark.

Ivar, can you briefly explain what ISOPlanner does?

Ivar: “Our ISOPlanner software helps customers implement standards and frameworks. We provide a sort of framework or ‘coat rack’: customers get access to requirements and measures for a range of standards. That includes ISO and NEN standards, but also other frameworks that don’t originate from ISO or NEN.”

Your slogan is “Effortless Compliance Management in Microsoft 365.” What makes your approach unique?
Ivar: “Our software is the only solution fully integrated with Microsoft 365 for managing ISO standards. ISOPlanner acts as a layer on top of the existing Microsoft 365 environment. Users log in using their Microsoft account—no additional passwords required. Documentation stays within SharePoint, and ISOPlanner allows you to link documents and tasks directly within that environment.

There’s also integration with Outlook: tasks created in ISOPlanner automatically appear in users’ calendars. Employees can even complete tasks directly in Outlook—including checklists and document links. This makes the process incredibly accessible and easy to adopt.”

Which standard is most commonly implemented through ISOPlanner?
Ivar: “Within ISOPlanner, ISO 27001 is the most widely used standard. Globally, ISO 9001 is still more popular, but ISO 27001 is rapidly gaining ground.”

NIS2 and the associated supply chain obligations are a hot topic. How does the NIS2 Quality Mark fit into this, and what’s your view as a company?
Ivar: “The NIS2 Quality Mark was developed specifically for smaller SMEs that find the requirements of ISO 27001 too heavy. We don’t see it as competition, but as a complementary solution. It makes cybersecurity more accessible for businesses not ready for the complexity of full ISO certification. Through our collaboration with the Samen Digitaal Veilig initiative, we’ve seen high demand for practical solutions like this quality mark.”

The NIS2 Quality Mark focuses on SMEs and provides basic solutions. Do you see this as a threat to your work with ISO 27001?
Ivar: “Not at all—it’s simply a different approach for a different audience. For companies that find ISO 27001 too complex, the NIS2 Quality Mark is a low-threshold solution. What matters to us is offering clients the right fit—whether that’s ISO 27001 or the quality mark.”

“It makes sense—ISO 27001 can be overwhelming for many organisations. The NIS2 Quality Mark offers a practical starting point. It enables businesses to take small steps—perhaps moving from 10% to 20% compliance—and eventually grow into ISO 27001.”

You remain neutral, but I assume clients sometimes ask for advice. For example: ‘Should I go for the NIS2 Quality Mark or opt for ISO 27001?’ How do you handle such questions?
Ivar: “Yes, we are mainly an implementation partner and don’t conduct audits ourselves. But if clients ask us for advice, we try to help them think it through. Still, we avoid giving definitive recommendations, because it really depends on factors like their industry requirements or what their own clients expect from them.”

“We usually explain the differences. For example: if none of your clients are asking for ISO 27001, you might not need to pursue it. But if you anticipate questions related to NIS2 compliance, starting with a quality mark makes a lot of sense. It helps you establish a foundation, and you can always scale up to more comprehensive standards later. It’s all about a pragmatic approach.”

So there’s demand for a practical, usable framework?
Ivar: “Absolutely. Many organisations just want to know: ‘What exactly do I need to do?’ The NIS2 Quality Marks offer a concrete answer to that question. They translate legislation into a set of actionable measures. Once you accept that, you can actually start working on it.”

How do you see the relationship between ISO 27001 and NIS2?
Ivar: “ISO 27001 already covers a lot, but NIS2 introduces new elements—like the supply chain obligation. This means suppliers of companies covered by NIS2 also bear added responsibility. These aspects are not yet fully embedded in the older version of ISO 27001, so there is some overlap, but also additional requirements.”

Can clients come to you for help with NIS2?
Ivar: “Definitely. Clients can use ISOPlanner to implement standards more easily within their Microsoft 365 environment. If they have questions about NIS2, we can point them to the NIS2 Quality Marks. These marks are now available in ISOPlanner as the first framework supporting NIS2. That’s an important step—and more options may follow in the future.”

Why did you decide to support the NIS2 Quality Marks?
Ivar: “Honestly, it was driven by demand. Our customers and partners clearly expressed a need for a NIS2 solution. Partners who help their own clients with information security came to us asking for a framework. The NIS2 Quality Marks are the first solution we’re offering in this area.”

Finally, what do you think is important to add?
Ivar: “Many businesses are currently asking themselves: ‘Does NIS2 affect me? Am I directly covered by the law—or do I serve a client who is, and will hold me accountable?’ Based on that, they wonder: ‘Do I need to take action?’ Personally, I believe every business should take information security seriously.”

“It’s like a bike mechanic saying your bike should be well-maintained—some people think, ‘It’s just a bike,’ but I find it odd when a company doesn’t have a management system for information security. How can you not have processes for incident reporting, learning from mistakes, or assessing risks and taking the right measures? That should be standard practice.”

So your advice is to always take some action, even if in doubt?
Ivar: “Exactly. If you’re unsure—do something. And if you’re just getting started, the NIS2 Quality Marks offer an excellent and accessible entry point. Even if you think the legislation doesn’t directly apply to you, I’d say: do it anyway. Every company has information—whether from clients, employees, suppliers, or shareholders. That data lives in your systems, and you’re responsible for protecting it. That doesn’t happen by itself—you have to actively work on it.”
