Time to get IT right
Proven solutions
for Dutch government IT.
Open frameworks, architectures, and tools — built in production, tested under real compliance pressure, and available for adoption.
These solutions were developed while serving as IT advisor and architect for Dutch municipalities. They address the specific challenges of public sector IT: fragmented application landscapes, complex compliance requirements, and the gap between policy ambition and technical reality. Each one is designed to be adopted, adapted, and extended.
The challenge
Why government IT modernization keeps stalling.
Compliance Overload
NIS2, BIO2, ISO 27001, AVG, WOO, Archiefwet, WCAG — each with its own requirements, audits, and reporting. Security teams drown in spreadsheets while actual security posture remains unclear.
Fragmented Landscapes
Tendering laws created application sprawl. Every department runs different systems. Data sits in silos. Integration is ad-hoc. Common Ground promises a way forward, but the migration path is unclear.
Transparency Pressure
Open Government legislation demands publication of documents, decisions, and correspondence. But archiving processes are manual, metadata is inconsistent, and email is a compliance black hole.
Solution
Frameworks built in production. Open for adoption.
Each solution addresses a specific government IT challenge. Some are open-source, all are battle-tested.
⬡ Open Source
LISA
Layered Information Security Architecture
LISA is a six-layer security control framework that bridges the gap between abstract compliance requirements and concrete technical implementations. Just as GEMMA, NORA, and PETRA provide reference architectures for municipalities, national government, and provinces, LISA provides a reference architecture for information security.
Built as an Obsidian knowledge base with dynamic Dataview dashboards, LISA turns security compliance from a spreadsheet exercise into a living, navigable system. Controls are linked to implementations, implementations to components, components to systems — creating full traceability from board-level governance down to server configuration.
Key numbers
231
Security controls
168
Baseline (comply or explain)
6
Architecture layers
7
Live dashboards
FRAMEWORK COVERAGE
ISO 27001 — 95%+
NIS2 — 100%
BIO2 — 95%+
CIS Controls v8
AVG / GDPR
NIST CSF
THE SIX LAYERS
- Governance — Board-level policies and risk appetite
- Security Requirements — 13 requirement domains (SR-1 to SR-13)
- Controls — 231 tactical controls with baseline classification
- Implementation — Control-to-component mapping
- Risk Management — Risk register with treatment tracking
- Audit & Assurance — Evidence, findings, and remediation
◈ FRAMEWORK + ARCHITECTURE
Open Government Platform
Publication portal, process design & policy framework
A complete solution for WOO (Wet Open Overheid) compliance — not just the publication portal, but the entire chain: document classification, metadata management, review workflows, redaction processes, and automated publication. Designed to handle 50,000+ documents per year while maintaining quality, consistency, and legal compliance.
Includes policy frameworks for what gets published, when, and how — turning ad-hoc transparency into a structured, auditable process. Designed for integration with existing DMS and archiving systems.
PROVEN IMPACT:
50K+
Documents / year
✓
WOO compliant
SOLUTION COMPONENTS:
- Publication portal — searchable, accessible, WCAG compliant
- Publishing process design — classification through publication
- Policy framework — what, when, how, and exceptions
- Metadata management — consistent tagging and categorization
- Integration patterns — DMS, email archive, and record management
LEGISLATION ADDRESSED:
WOO
Archiefwet
WCAG 2.1 AA
AVG / GDPR
△ Architecture
Email Archiving System
Compliance-grade email capture and publication
Email is the single largest blind spot in government transparency and records management. This architecture design provides automated capture, classification, and archiving of email correspondence for both Archiefwet compliance and WOO publication requirements.
Connects email infrastructure to document management and publication workflows, ensuring that correspondence is preserved, searchable, and publishable — without requiring staff to manually archive every message.
ARCHITECTURE CAPABILITIES:
- Automated email capture and journaling
- Classification engine — public, internal, confidential
- Metadata extraction and enrichment
- Integration with DMS and publication portal
- Retention policy enforcement
- Privacy-aware redaction workflows
LEGISLATION ADDRESSED:
Archiefwet
WOO
AVG / GDPR
△ Architecture
Common Ground DMS
Next-generation document management for municipalities
A document management system designed natively for the Common Ground architecture — component-based, API-first, and built around the principle that data belongs at the source. Unlike traditional monolithic DMS platforms, this design separates storage, metadata, access, and workflow into independent, reusable components
Includes the impact analysis and scenario planning used to evaluate Common Ground adoption — what changes, what stays, what the migration path looks like, and where the organizational impact hits hardest.
DESIGN PRINCIPLES:
- API-first — ZGW-compatible interfaces
- Data at the source — no unnecessary duplication
- Component-based — each function independently deployable
- Standards-based — TMLO, MDTO metadata profiles
- Migration-ready — coexistence with legacy DMS
COMMON GROUND ADVISORY:
- Impact analysis — organizational, technical, financial
- Migration scenarios — phased adoption strategies
- Architecture governance — standards and decision frameworks
- Vendor evaluation — component selection guidance
◈ Framework
Information & Metadata Management
Bringing structure to municipal information landscapes
Most government IT problems are fundamentally information management problems. Documents can’t be found. Systems don’t share data consistently. Metadata is incomplete, inconsistent, or absent entirely. This framework provides the governance, standards, and tooling to bring coherence to municipal information landscapes.
Covers classification schemes, metadata standards (TMLO/MDTO), quality management processes, and integration patterns — creating the foundation that publication, archiving, and search all depend on.
FRAMEWORK COMPONENTS:
- Classification scheme design — DSP-aligned
- Metadata standards — TMLO, MDTO compliance
- Quality management — validation and enrichment processes
- Data governance — roles, responsibilities, and workflows
- Integration architecture — cross-system consistency
- Migration strategy — legacy data normalization
ADOPTION APPROACH
Built here. Adapted for you.
These aren’t theoretical frameworks — they were built under real constraints and real deadlines. Here’s how adoption typically works.
01
Assess:
We map your current landscape against the solution. What do you already have? What’s the gap? Where does adoption create the most value with the least disruption
02
Adapt:
No two municipalities are identical. We tailor the framework to your organization — your systems, your team, your compliance context, your political reality.
03
Transfer:
The goal is ownership, not dependency. I implement alongside your team, document everything, and ensure you can maintain and evolve the solution independently.
Time to get IT right.
Facing the same challenges?
Every Dutch municipality deals with these problems. The difference is whether you build from scratch or build on proven foundations. Let’s talk about what makes sense for your organization.