Cals College Digital, Secure and Transparent

To let information and ICT really contribute to the business, the Cals asked Highberg for advice. Highberg then supported the Cals by performing an ICT scan and delivering an ICT vision, target architecture (the requirements and wishes regarding the current set-up of the ICT) and ICT organizational model describing the internal information provision of the Cals for the coming years. As a follow-up, Highberg supported the Cals in implementing the recommendations. This resulted in the following successes, among others:

• Insight into all applications and underlying processes
• An ICT vision with a growth path appropriate to the goals of the Cals
• A strengthened governance with reporting and decision-making lines
• As of September 2019, the role of information manager has a permanent formation position

With the grip the Cals gained on (personal) data, ICT and the introduction of the AVG, the urgency to invest in privacy and information security grew.

Highberg performed a maturity scan for both privacy and information security. This gave the Cals insight into the extent to which they comply with the AVG and how (personal) data are secured. Highberg supports the Cals with its FG-as-a-service service and its privacy quartermaster to pull privacy to a higher maturity level.

In cooperation with Highberg, the Cals has achieved the following successes:

• Policy written for privacy and information security. To make implementation as practical as possible, these two topics were integrated into "data protection".
• Highberg is fulfilling the role of Privacy Quartermaster at the Cals to further shape the role of Privacy Officer.
• The role of Chief Information Security Officer (CISO) has been assigned to the information manager: he is the spider in the web when it comes to information security.
• For data protection, an appropriate growth path has been designed to implement the policy. From this growth path, we set up various processes and work instructions. We create insight into all applications, information systems and processing, assign ownership and then take risk-based measures. In order to keep a grip on the progress and operation, a connection has been sought as much as possible with the reporting and decision-making processes of information management.

Data protection is increasingly becoming an integral part of everyone's work at Cals College. New employees receive awareness training at the start of their positions. Furthermore, we pay attention in various ways to topics such as security incidents and rights of data subjects

What makes the Cals so successful is that they really let the investments in the field of information management and data protection contribute to business operations. It is not seen as a one-time exercise, but the Cals, in collaboration with Highberg, has designed an appropriate growth path to ensure lasting results. 'Keep it simple wherever possible' and responsibilities have been invested in the line organization as much as possible. Knowledge has been secured by shaping the roles of information manager, CISO, Privacy Officer (PO) and FG. In turn, they help the organization maintain a focus on development and assurance. Here, part of the vision is to work as uniformly as possible and connect the two offices in Nieuwegein and IJsselstein. Where this was not always self-evident in the organization, employees responded with great enthusiasm.

For more information, please contact Wim Kok.