Cals College Digital, Secure and Transparent

By Wim Kok

Due to the increasing digitization of education and the introduction of the AVG, security and careful handling of (personal) data and supporting resources have become increasingly important. This is also observed by the Cals College, a secondary school community with two branches: one in Nieuwegein and one in IJsselstein. The Cals has recently taken a professionalization step in the field of information management, privacy and information security. In this process, Highberg advised and provided and implemented methods to get a better grip on the management of ICT, privacy and information security. In addition, Highberg fulfills the role of Data Protection Officer (FG) and Privacy Quartermaster.

Good ICT support as key to flexible education

Grip on information

To let information and ICT really contribute to the business, the Cals asked Highberg for advice. Highberg then supported the Cals by performing an ICT scan and delivering an ICT vision, target architecture (the requirements and wishes regarding the current set-up of the ICT) and ICT organizational model describing the internal information provision of the Cals for the coming years. As a follow-up, Highberg supported the Cals in implementing the recommendations. This resulted in the following successes, among others:

  • Insight into all applications and underlying processes
  • An ICT vision with a growth path appropriate to the goals of the Cals
  • A strengthened governance with reporting and decision-making lines
  • As of September 2019, the role of information manager has a permanent formation position

Privacy protection and information security

With the grip the Cals gained on (personal) data, ICT and the introduction of the AVG, the urgency to invest in privacy and information security grew.

Highberg performed a maturity scan for both privacy and information security. This gave the Cals insight into the extent to which they comply with the AVG and how (personal) data are secured. Highberg supports the Cals with its FG-as-a-service service and its privacy quartermaster to pull privacy to a higher maturity level.

In cooperation with Highberg, the Cals has achieved the following successes:

  • Policy written for privacy and information security. To make implementation as practical as possible, these two topics were integrated into "data protection".
  • Highberg is fulfilling the role of Privacy Quartermaster at the Cals to further shape the role of Privacy Officer.
  • The role of Chief Information Security Officer (CISO) has been assigned to the information manager: he is the spider in the web when it comes to information security.
  • For data protection, an appropriate growth path has been designed to implement the policy. From this growth path, we set up various processes and work instructions. We create insight into all applications, information systems and processing, assign ownership and then take risk-based measures. In order to keep a grip on the progress and operation, a connection has been sought as much as possible with the reporting and decision-making processes of information management.

Data protection is increasingly becoming an integral part of everyone's work at Cals College. New employees receive awareness training at the start of their positions. Furthermore, we pay attention in various ways to topics such as security incidents and rights of data subjects

Success factors

What makes the Cals so successful is that they really let the investments in the field of information management and data protection contribute to business operations. It is not seen as a one-time exercise, but the Cals, in collaboration with Highberg, has designed an appropriate growth path to ensure lasting results. 'Keep it simple wherever possible' and responsibilities have been invested in the line organization as much as possible. Knowledge has been secured by shaping the roles of information manager, CISO, Privacy Officer (PO) and FG. In turn, they help the organization maintain a focus on development and assurance. Here, part of the vision is to work as uniformly as possible and connect the two offices in Nieuwegein and IJsselstein. Where this was not always self-evident in the organization, employees responded with great enthusiasm.

For more information, please contact Wim Kok.