Cals College Digital, Secure and Transparent

To let information and ICT really contribute to the business, Cals asked Highberg for advice. Highberg then supported Cals by performing an ICT scan and delivering an ICT vision, target architecture (the requirements and wishes regarding the current set-up of the ICT) and ICT organizational model describing the internal information provision of Cals for the coming years. As a follow-up, Highberg supported Cals in implementing the recommendations. This resulted in the following successes, among others: 

• Insight into all applications and underlying processes 

• An ICT vision with a growth path appropriate to the goals of Cals 

• A strengthened governance with reporting and decision-making lines 

• As of September 2019, the role of information manager has a permanent formation position 

With the grip Cals gained on personal data, ICT and the introduction of the AVG, the urgency to invest in privacy and information security grew. 

Highberg performed a maturity scan for both privacy and information security. This gave Cals insight into the extent to which they comply with the AVG and how personal data are secured. Highberg supports Cals with its FG-as-a-service service and its privacy quartermaster to pull privacy to a higher maturity level. 

In cooperation with Highberg, Cals has achieved the following successes: 

• Policy written for privacy and information security. To make implementation as practical as possible, these two topics were integrated into data protection 

• Highberg is fulfilling the role of privacy quartermaster at Cals to further shape the role of privacy officer 

• The role of chief information security officer (CISO) has been assigned to the information manager: he is the spider in the web when it comes to information security 

• For data protection, an appropriate growth path has been designed to implement the policy. From this growth path, various processes and work instructions are set up. Insight is created into all applications, information systems and processing, ownership is assigned and then risk-based measures are taken. In order to keep a grip on the progress and operation, a connection has been sought as much as possible with the reporting and decision-making processes of information management 

Data protection is increasingly becoming an integral part of everyone's work at Cals College. New employees receive awareness training at the start of their positions. Furthermore, attention is paid in various ways to topics such as security incidents and rights of data subjects. 

What makes Cals so successful is that they really let the investments in the field of information management and data protection contribute to business operations. It is not seen as a one-time exercise, but Cals, in collaboration with Highberg, has designed an appropriate growth path to ensure lasting results. 'Keep it simple wherever possible' and responsibilities have been invested in the line organization as much as possible. Knowledge has been secured by shaping the roles of information manager, CISO, privacy officer (PO) and FG. In turn, they help the organization maintain a focus on development and assurance. Part of the vision is to work as uniformly as possible and connect the two offices in Nieuwegein and IJsselstein. Where this was not always self-evident in the organization, employees responded with great enthusiasm.

For more information, please contact Wim Kok.