Cyber Security & Continuity

Cloudsourcing

Government and Public Sector

Crowdstrike (major) malfunction: 4 Valuable BCM Lessons for the Future

Crowdstrike malfunction

Patrick tomasso 61 Mt R Bl1qe E unsplash

Last Friday, many organizations worldwide were affected by a serious malfunction on Windows laptops caused by a bug in Crowdstrike's antivirus software. This incident underscores the importance of a robust Business Continuity Management (BCM) plan. Below, I will discuss the events and share lessons that can help your organization be better prepared for such incidents.

Floris Baauw

People, Leadership & Culture

Enhance your organizational culture with best practices from industry leaders

Enhance your organizational culture

Enhance your organizational

A strong cultural identity is essential for businesses success. It helps to keep employees happy, encourages new ideas, and leads to overall success. But what makes the best companies stand out? The secret lies in how they build and maintain their workplace culture. In this article, we explore some of the successful strategies used by top companies. You can apply these practical tips and examples to enhance your organization’s culture and achieve excellent results.

Niek Klaver

Netherlands

Enhance your organizational culture with best practices from industry leaders: feedback, collaboration and learning & development

Organizational

Strategy & Change

Risk, Resilience & Compliance

Eight Things You Need to Know About NIS2

The European Union (EU) is deeply concerned about the cybersecurity of organizations within vital sectors. The EU has introduced the Network and Information Security 2 Directive (hereinafter: NIS2) to enhance the cyber resilience of these organizations. Organizations within vital sectors are obligated to comply with NIS2 from October 18, 2024. Organizations belong to the vital sector when their service provision (temporarily) disrupts and has a significant impact on the economy and society.
In this Insight, you will read about the eight things you absolutely need to know about NIS2.

Nino van Leeuwen

Shankar Sahtie

Digital

Diversity, Equity & Inclusion

Gender Mobility

The gender balance in the inflow, through-flow and outflow of employees says something about the Diversity and Inclusiveness of an organization. Thus, a good understanding of the mobility patterns of men and women is crucial for any organization that is serious about Diversity and Inclusion. Indeed, understanding these patterns helps to formulate answers around the questions below.
<ul><li>Are enough women coming in to maintain diversity?</li><li>Do women have the same opportunities as men to be promoted?</li><li>Is there a glass ceiling?</li><li>Does the organization have more/less difficulty engaging women?</li><li>What is the likelihood that diversity goals will be met?</li></ul>

Henrieke van Bommel

People Analytics Transformation

Calculate employee turnover (Employee turnover analysis)

Calculate employee turnover

Structurally high employee turnover is problematic for organizations. Excessive employee turnover incurs significant costs and can even impact issues such as business continuity and customer satisfaction. An employee turnover analysis, through advanced statistical analysis, identifies risk groups, helps to understand the causes of turnover, predicts how employee turnover will develop and predicts where turnover will occur.

In short, deploying HR Analytics on the topic of employee turnover gives organizations the tools to prevent employee turnover!

Irma Doze

Employee Experience

Labor-market positioning

Having the right people in the right place at the right time is critical to an organization's success. To effectively bring in the right people, it is essential to understand how your organization is viewed from the job market.
Are potential employees familiar with the employer brand? What positive and lesser associations do they have with the employer brand? To what extent is there an employer brand preference?
Answers to these and other labor market positioning questions will help you reach the right target group with an appealing message.

Employee segmentation

Every employee is unique. Yet some employees have more in common than others. Employees who are more alike often want similar things in their work. So it is useful to distinguish such groups within your workforce. This can be done through employee segmentation.

Strategic Workforce Planning

The Intelligent Fleet Scowl

The Intelligent Fleet Watch

Often the immediate supervisor assesses the quality of employees by determining, on the one hand, the performance in the recent past (performance) and, on the other hand, the expected potential contribution in the near future (potential) on a scale and thus identifies the top talents. But when do you speak of moderate, sufficient or excellent potential? The intelligent fleet review offers a solution!

Recruiting bias check

Does everyone have an equal chance of being considered for a job? AnalitiQs' Recruitment bias check analyzes whether there are significant differences between groups of applicants and the ultimate probability of being hired for a job.
The job market is upside down and every organization does its utmost to attract good staff. Nevertheless, there is a large group of people in the Netherlands who want to work (more), but ultimately do not get this opportunity. CBS calls this unused labor potential.
In an organization, this can mean that certain groups of people, for example women or people with a different or bi-cultural background, have less chance of being hired. Alternatively, they may be hired but have to prove themselves first and are therefore lower graded. A direct cause of pay differences.

Data & AI

Workshop AI for HR

Do you recognize yourself in the following situation?
You're not sure if AI is just a hype, but you also feel like you should do something with it because if it’s not a hype, you don't want to miss the AI boat.
You've read a bit about AI, but it all remains very abstract. You need an explanation in simple, straightforward language.
You want to practice applying AI tools to HR topics such as employer branding, recruitment, diversity &amp; inclusion, engagement, and employment conditions in a playful and safe way.
In that case, the practical workshop "AI for HR" is something for you and your team!

BexerHamstra joins Highberg!

Highberg x BexerHamstra

Highberg is very happy to welcome 40 new Highbergers, experts in compensation, pensions and organizational design, as BexerHamstra joins our growing boutique consultancy.

Business Agility

From HR Business Partner to Transformation Consultant

Highberger Philippine den Brave

Philippine den Brave

Before Transformation Consultant Philippine den Brave joined Highberg, she gained extensive experience in the HR field at Danone and ING. Why did she decided to make this switch and how did Highberg supported her? Read about it in the interview down below.

Highberger Philippine den Brave: From HR to Transformation Consultant

Digital Strategy & Execution

Healthcare and Life Sciences

Financial Services

The Psychology of Change in Digital Transformation

The Psychology of Change

At Highberg Digital, we help our clients with their digital transformation journeys. Digital transformation can be seen as a journey that has an impact on the core of organizations and individuals. Each journey has its challenges and for digital transformation, it is the response of people to change. Some embrace the changes while others feel more comfortable with the well-known.

Kyra Koper

Culture Development

Fueling Growth: The Power of a Strong Feedback Culture

The Power of a Strong Feedback Culture

Employees truly are the backbone of every company. How successful a company is, comes mostly down to how well employees are performing. And for employees to perform well, they require feedback. 
In an organization where receiving feedback and giving is the norm, individual and organizational performance as employees feel more engaged and valued when they receive constructive feedback. This helps them identify areas for improvement and grow. As a result - greater organizational success. 
But how can your organization build such a feedback culture? 
This article explains:
▫️ the benefits of a strong feedback culture ▫️ provides practical steps to achieve it 
Keep reading to discover how feedback can fuel your workplace success.

Becoming an Transformation Consultant at Highberg: Partner Niels Groen

Becoming an Transformation Consultant

Niels Groen profile picture

Due to the great variety of projects in which Highberg is involved, it can be somewhat challenging to come up with an unambiguous explanation of how Highberg consultants deliver value to their clients. This can be particularly challenging for future candidates. To be able to explain this better, our Highberg consultant Mika Ambrose speaks interviewed one of our partners, Niels Groen. The most important thing you should know as a potential consultant at Highberg is how we deliver value, and how we make sure that we create a long-lasting impact.

Mika Ambrose

Niels Groen

Build your own CIA

Portfolio Performance Measurement #3

Portfolio Performance Measurement #3: Build your own CIA

Many business school classrooms echo with lectures on the value of precise, analytic approaches to management. Yet when we look at what’s happening all around us, there is a big gap between what we are taught and what we do in our own organizations. 
Measuring the value of we are delivering, and how we are delivering it, is not always obvious to leadership teams. A reason can be found in the varying opinions on measurement effectiveness in the first place. Some organizations are doing just fine without too much measurement. To others, these systems might seem more like a luxury than a necessity given their day-to-day worries. It is not seen as critical for survival, yet.

Koen Harbers

Logic, Design and Implementation

Organizing around Value Streams

organizing-around-value-streams-in-product-and-service-development

One of the key challenges for optimal competitive performance of organizations in the digital age is ensuring high speed of value delivery in product and service development. Faster delivery in development processes not only enables earlier return on investments, but also allows faster validation of the real value of product and service innovation so that investments in unsuccessful initiatives can be minimized. Organizing around ‘Value Streams’ is a key step to optimal value delivery in the shortest sustainable lead time.
In this Insight, the logic of organizing around Value Streams is explained, guidelines are given on how to design Value Streams, and a five-step implementation approach is provided.

Florian van Santen

Organizing around Value Streams in Product and Service Development

Drones in the Physical Environment

The Revolution of Data Acquisition

The Revolution of Data Acquisition: Drones in the Physical Environment

In a world where technological progress marks nearly every aspect of our daily lives, it's no surprise that the physical environment is exceptionally suited for innovative applications. We're witnessing the rise of smart sensors that monitor environmental quality, smart mobility solutions making city traffic more efficient, and the use of smart dust — minuscule sensors that collect detailed data about their surroundings. Moreover, the development of digital twins, where virtual replicas of physical environments are created for precise analysis and simulation, paves the way for the application of drones in the physical environment.

Irfan Ilahi

Case study 'Redesign HR Operating Model' NS

Highberg collaborated in a transformation with the HR Department of Dutch railroads on improving the HR service delivery model. Subsequently the HR Target Operating Model was newly developed. Read below about the context, approach, and the results which were achieved.

Mariëlle van Tilburg

Heiko van Eldijk

Case study: Redesign HR Operating Model for NS

Sustainability

Three reasons why as a CIO and CSO you should hold each other's hands

Why should CIO and CSO hold hands?

In my daily work in the field of responsible digitization, I see that sustainability and digitization have a lot in common. Both strive for value creation, involve substantive complexity, and require a similar search for ownership.

Anne van Esch

A Highberg Case study: Productization in Shell’s Cloud

Case study: Productization in Shell’s Cloud

A Highberg Case Study

Following Shell’s Enterprise Cloud Platform transformation journey from project to product.

Simon Atteveld

Most important obligations in the AI Act: how to comply now?

Break through in regulation of AI: The AI Act

This text is translated from Dutch with the help of AI - On December 8, 2023, the European Union reached a preliminary political agreement on the Artificial Intelligence Regulation (hereafter referred to as the AI Act). The final text is formal approved by the European Parliament. 20 days after official publication the AI Act will enter into force. This landmark legislation marks the EU's first step towards regulating artificial intelligence, targeting developers, distributors, and users of AI systems, including those systems used for predictions, classifications, and analyses.
The potential impact on governments and businesses deploying AI systems is significant. In this insight, we'll walk you through the key obligations, how they affect your organization, and proactive steps you can take to ensure compliance.

Sabine Steenwinkel-den Daas

Germany

France

Responsible AI: how to achieve AI fairness with understanding and mitigation bias by AI

Bias in AI Explained

This text is translated from Dutch with the help of AI - "Tell me honestly, what's your biggest fear when it comes to algorithms and AI?" When I ask people this question, the response often is, "AI-systems discriminate!" And of course, discriminating is far from desirable. But how do we ensure that algorithms don't discriminate?
First and foremost, it's important to understand that algorithms themselves do not discriminate. However, algorithms can be developed in ways that lead to unwanted or undesired distinctions in representation of groups in the result. This is commonly referred to as "bias" in technical terms. 
Essentially, if you have control over the bias within the algorithm, you also minimalize discrimination. In this insight, I will explain how to achieve this. Let's start by answering the question: What is bias?

Control AI risks and make impact: top criteria for responsible deployment of AI systems

In control of your AI systems

This text is translated from Dutch with the help of AI - Have you ever heard or said within your organization, "We're working with data/algorithms/AI" or "We have plenty of data initiatives, but scaling within the organization is challenging"? These questions all boil down to one main question: How do you ensure that you apply the right algorithms in the right way?

When is transparancy on AI sufficient? Comply to the AI Act with an algorithm registry?

Transparency with algorithm registry?

This article has been translated from Dutch with the help of AI: In an era where algorithms exert increasing influence on our daily lives, maintaining control over the latest developments and being transparent about them is more important than ever. This leads us to a crucial question: when is the openness and transparency surrounding these algorithms sufficient? The answer is not simple, because transparency goes beyond just registering the algorithm. In this article, we delve deeper into the steps needed to start working on transparent and responsible use of algorithms at 5 maturity levels.

Effective strategy execution with enterprise architecture

Effective strategy execution

Translating the business strategy into reality is a complex task. The majority of organizations fail to successfully implement their business strategy. What is the cause of this and can enterprise architecture provide a helping hand? Discover five scenarios where you can use enterprise architecture to increase the likelihood of successful strategy execution.

Arie van Nistelrooij

Security policies and frameworks for data pipelines in the public sector

Security policies and frameworks

Data pipelines are essential components of modern governmental operations. They facilitate the flow of information between (governmental) organizations, departments, and systems, ensuring efficient functioning of the government. With increasing digitization and data usage, vulnerabilities in the data pipeline have become a critical focus. In this blog, we explore the challenges, risks, and strategies for keeping government data pipelines secure.

Jousuf Mohamed

Stop looking in the rearview mirror. A plea for actionable metrics

A plea for actionable metrics

Portfolio Performance Measurement #2: Stop looking in the rearview mirror. A plea for actionable metrics

There is nothing wrong with looking in the rearview mirror. It is necessary. The obvious nuance being it should not be the only thing you do as you drive your car down a busy road. In our previous blog ‘<a href="https://highberg.com/insights/are-project-metrics-dead-a-quick-guide-to-lean-portfolio-measurement" target="_blank" rel="noreferrer noopener">Are Project Metrics Dead?’</a>, we introduced two insights aimed at broadening our view of metrics. If we want to continue the car analogy; it is not just the roads, or the other cars around, but also the speedometer plus a mindful eye on any blinking red lights trying to warn you of a future car failure. We hope these first two insights will lead you to a more holistic understanding of ‘portfolio performance’. 

With such a wide set of metrics to choose from comes the next challenge: what should we focus on? How to use them to effect? Building on our first 2 insights, with Insight 3 we introduce the distinction between leading and lagging indicators. Insight 4 takes us to goal setting and one of the more popular tools in strategy-execution today, Objectives Key Results.

Portfolio Performance Measurement Continued: A Plea for Actionable Metrics

Highberg's strategy against rising cybersecurity threats in industrial automation

ICS Security: setting new standards

Cybersecurity threats industrial automation (ICS/SCADA)

The world of Industrial Automation (IA) is increasingly facing cybersecurity threats. Not only foreign nuclear power plants have already been hacked, but also the first objects of our vital infrastructure. VKA has therefore developed a multidisciplinary approach to take IA to the desired higher level.

Huub Koninkx

Focus decision-making outside the boundaries of the program organization

Innovation in chains

Innovation in chains: focus decision-making outside the boundaries of the program organization

This past year I had the pleasure of being program manager for an ambitious "bottom up" initiative for exchange and reuse of soil data (chain computerization) of government and network operators. Many parties were involved such as municipalities and provinces but also dozens of (semi)private companies. At the time of writing this post, the program has temporarily stopped: the principals are looking for a way to regain funding and participation. In this blog, I briefly reflect on events and how additional measures can help this program - and other similar programs.

Ruud Boot

IT department, are you still there?

I Stock 1048358188

The world is changing rapidly, and with the advent of technological advancements, many organizations are being driven by digitization.
Within information provision (IT), also known as the IT department, it's no different. Think of the arrival of technologies like GenAI and Data Management. The business departments of an organization want to anticipate these changes.
To facilitate this, IT departments are facing increasingly greater challenges. They are often very busy ensuring the basics of their services are in order, passing audits, and meeting the year's forecasts. Due to this focus, there is often insufficient time to truly respond to all developments.
It's time to pull the handbrake, look around, and collaborate closely with the business.
Because I see more and more in practice that the business is following its own IV path. A path without the IT department. In this blog I describe in broad terms what you can do to make an active contribution to this as an IT department.

Jessica Drake Wetsteijn

An integrated architectural approach for robust ICS/SCADA security

Working in architecture

Pexels dominika roseclay 1239460

Last year showed how vulnerable our infrastructure sometimes is as a result of cyber attacks. For example, PETYA caused non-functioning cranes at Maersk's container terminal, and non-functioning sorting machines at TNT. Also recently, some banks have proved inaccessible due to a DDos attack. Until now, mostly technical and related organizational measures have been taken to deal with such cybersecurity threats. However, it is slowly dawning on us that reactive measures will not be sufficient in the future if we want to guarantee the continuity of such infrastructure. So how do we really get our Operational Technology (OT/ICS/SCADA) properly secured?

Stop muddling through and start working under architecture

Battling invisible cyber threats in our digital realm

That other pandemic...

Pexels tyler lastovich 396947

The Corona crisis has once again made us aware of the vulnerability of our (open) society. Yet we have known for much longer that vulnerability to viruses also lurks in an entirely different world; our digital society.

Rutger Gooszen

IT and I(I)OT are converging, now what, evolution or revolution?

IT and OT Fusion: managing change

IT and OT converging, how do we keep a grip on this (r) evolution?

IT and I(I)OT are converging, developments are accelerating, now what, evolution or revolution? 
Actually, there are 3 major developments happening simultaneously in the world of operational technology (OT). First, the number of business and management processes that require both office automation (IT) and OT to be available is growing; with or without interfaces between them. Applications are growing, but information security is not automatically growing with them. This makes a second development even more important, that of growing external threats, with most in the news ransomware, such as previously at Maersk, recently at the Gelderland security region. Last but not least, there is a new player in this domain, dubbed by someone the "IoT virus. It often starts with 'sensors,' but eventually it involves large data streams, which need to be controlled. Lots of potential but immature in terms of security, thus vulnerable. What should enterprise management do with this? Adapt quickly to these new developments, at the risk of making mistakes because of this speed? Opt for evolution or revolution? Our answer is 'both', but according to a controlled change approach, in which IT and OT are aligned, with a stepped Architecture process and appropriate Communication at each stakeholder level.

Discover the importance of data subject rights under the GDPR

Why the rights of data subjects are important

Waarom de rechten van betrokkenen onder de AVG zo belangrijk zijn

In today's digital world, personal data is everywhere. The General Data Protection Regulation (GDPR) grants individuals specific rights regarding their personal data. But why are these rights so important, even if people rarely actively use them?

Frank van Vonderen

Why the rights of data subjects under the GDPR are so important?

Discover the crucial privacy requirements to consider when selecting a SaaS provider

Privacy requirements for a SaaS supplier

Essentiële privacy eisen voor het kiezen van een Saa S leverancier

Choosing a SaaS provider is a decision that goes beyond just functionality and price. In a world where data is one of the most valuable assets of an organization, privacy and data protection are becoming increasingly important. But what are the key privacy requirements that a SaaS provider must meet?

Essential privacy requirements for choosing a SaaS supplier

Privacy by Design: protection at the heart of algorithms

Is Privacy by Design important in algorithms?

Privacy by Design: Protection at the heart of algorithms

What is Privacy by Design?

Privacy by Design is a strategy that focuses on integrating privacy protection into technological products and systems from the outset. This approach means that privacy is a fundamental part of the design process, rather than an addition or adjustment made afterwards.

How can organizations make privacy by design concrete and actionable?

Het concreet maken van Privacy by Design

Making Privacy by Design Concrete: Practical Steps for Implementation

In today's digital age, where data is ubiquitous and privacy concerns are at the forefront, incorporating privacy by design principles into the development of products and services is paramount. Privacy by design refers to the practice of considering privacy and data protection from the outset of the design process, rather than as an afterthought. But how can organizations make privacy by design concrete and actionable?

Are project metrics dead? A quick guide to Lean Portfolio Measurement

Are project metrics dead? 

Are-project-metrics-dead?

Do on-time, on-scope and on-budget metrics really have no place in modern, product-led, and agile-embracing organizations?

How do you measure the impact of a culture change?

Improve Employee Satisfaction

How to Improve Employee Satisfaction After Organizational Change

Changes within an organization, or even a reorganization, can have a significant impact on employees. Sometimes their role changes, they are placed in a different position or organizational unit, or they may need to undergo training to meet new requirements. But even if personnel changes are limited, there are still consequences for employees.
This was also the case with an organization in the cultural sector, where a new director had been appointed. He made several changes and opted for a more commercial approach. Some of these changes caused unrest among employees. The management wanted to address this unrest and therefore sought the assistance of Highberg.
Henrieke van Bommel is an Analytics Translator at Highberg and is eager to share about this process.

Interpreting and analyzing open-ended responses

Voice of the Employee Survey

Guille alvarez Ic I3 Fiz U9 Cw unsplash

How do you truly listen to your employees?
As an organization, you want your employees to enjoy their work. Happy employees ultimately lead to happy customers, and vice versa. Moreover, employees who are satisfied with their work and employer are more likely to stay with the organization longer. This is especially important now as the tightness of the labor market is strongly felt.
One way to measure the level of employee satisfaction is through an Employee Satisfaction Survey (ESS). This involves surveying employees with a set of questions, and repeating this process annually. Although almost every organization is familiar with an ESS, this traditional method of research is becoming less popular. This is mainly because the interval of a year is too long, creating, facilitating, filling out, and analyzing the surveys takes a lot of time, and all of this ultimately yields (too) little.
An alternative to the ESS is a Voice of the Employee Survey. With this approach, you focus on structured and continuous measurement, analysis, interpretation, and follow-up of the 'voice of the employee'. It concerns the experience of employees, or rather, the Employee Experience. When you know what the experience is and what influences it, you can respond accordingly.
This is exactly what a major insurer had in mind with their Voice of the Employee Survey. Alex Hellemons, Analytics Translator at Highberg, has guided this project and is keen to share more about it.

Alex Hellemons

Voice of the Employee Survey: interpreting and analyzing open-ended responses

Learn how your organization must act in the event of a data breach, under the GDPR

Navigating a data breach: step-by-step

A data breach is like an unexpected storm in the world of data protection. It can happen to anyone, but rest assured: the GDPR offers an umbrella in this storm. This blog guides you step by step through the process of managing a data breach according to the GDPR, so your organization can quickly become dry and safe again.

Organizations are required to keep such a register, what are the benefits?

Benefits of register of processing operations

What is a Record of Processing Activities (RoPA)?

What is a Record of Processing Activities (RoPA)?


A Record of Processing Activities is a detailed overview in which organizations document how personal data is processed. This includes information about the types of data collected, the purpose of the processing, with whom the data is shared, and how it is secured. According to the GDPR (General Data Protection Regulation), organizations are required to maintain such a record.

Information security in healthcare at Triade

Golden rules