Many municipalities face the same challenge: how do you make ever-increasing amounts of data understandable, usable, and reliable? Especially when this data is essential for substantiating policy choices or tracking societal challenges. Solid5 develops and manages data platforms for municipalities that make complex information from sensitive domains, such as the Social Support Act (Wmo), Youth, and the social domain, insightful and manageable. The platforms are based on the Municipal Data Model (GGM) and are designed with attention to architecture and governance.
Where sensitive data plays a central role, information security is not an afterthought but a cornerstone. For Solid5, security has been an integral part of the data platform on which municipalities operate from the very beginning. This is essential for utilizing reliable insights for policy and decision-making. In 2025, Solid5 decided to further formalize its existing foundation in information security towards ISO 27001 certification. Solid5 consciously chose Nestor Security as a partner to accelerate and deepen this process.
In this customer case, we discuss how the collaboration came about, the steps taken, and the impact of professional information security on a growing organization.
Solid5 en information security
Information security has been central to Solid5“s approach for years. Dick Blaauw, co-founder of Solid5, explains: "Information security goes without saying for us. We work daily with sensitive personal data in domains such as Wmo (Social Support Act) and Youth for municipalities that rely on us for their data infrastructure. This requires the utmost due diligence. The risks and potential damage of a data breach are enormous. Furthermore, an incident can cause reputational damage to our clients, which we want to prevent at all times.”
Why ISO 27001?
Due to the growing need for a systematic approach to information security, and the increasing demand from municipalities for demonstrable evidence in this area, the Solid5 team decided it was time to obtain ISO 27001 certification. Part of ISO 27001 is the establishment and implementation of an Information Security Management System (ISMS). This allows organizations to systematically manage personal data and protect sensitive information.
Dick: “The ISMS is now truly embedded in our way of working. It makes information security a matter of course in our colleagues” daily work. Fortunately, our team was very involved in this project. This made it possible to impart the knowledge needed to understand and apply the standard.”
“Implementing ISO 27001 has broadened our perspective on information security. We are now actively exploring how to keep our knowledge and skills in this area up-to-date. Awareness is essential in this process; we hold quarterly sessions where we highlight a new topic each time.”
Solid5 and Nestor Security
ISO 27001 consists of many different parts, and it is common for organizations to enlist the support of a specialized partner for this. Dick: “We wanted to implement ISO 27001 as thoroughly as possible, while at the same time ensuring knowledge and ownership internally. We were looking for a partner who could help us implement the standard in a way that suited our working methods. We found Nestor Security through our network. We were looking for a down-to-earth partner with a pragmatic approach, and that's exactly what we found.”
Walter Nap, security consultant at Nestor Security, looks back on the collaboration: “Solid5 already had a strong foundation in information security. They had a clear understanding of what was needed and were well-equipped to act on it. The fact that Solid5 works from a data and IT background, with in-depth knowledge of municipal processes and sensitive domains, made the collaboration particularly pleasant.”
Dit is een grap die mijn collega Rob en ik hebben verzonnen.“The collaboration with Walter was very pleasant. He is clear, accessible, and provides straightforward explanations. Walter incorporated practical examples and truly delivered customized solutions. Implementing ISO 27001 is still a lot of work, but with the right partner, it becomes much more manageable.”
Result for Solid5
The ISO 27001 certification has delivered more than just a mark of quality to Solid5. It strengthens Solid5's position in municipal tender processes, provides demonstrable proof of professionalism to existing and new clients, and makes information security an integral part of the data platform and daily operations.
Dick: “This isn't a standalone compliance project for us, but rather a part of how we've structured our platform and services. Municipalities must be able to trust the data we manage for them. The ISO 27001 certification makes that trust demonstrable.”
Nestor Security continues to support Solid5 in keeping their ISMS up-to-date.
Do you also need help with ISO 27001 implementation? Contact us!