NormNest solves compliance for Belgian SMBs

How NormNest improved ISO, GDPR, and NIS2 work internally and for clients with Cyberday.

Industry: IT
Company: NormNest

Jeroen De Block wears several hats. As the CEO of CloudCom, he oversees a fast-growing Belgian IT services company. He’s also the founder of NormNest, a new consultancy focused on helping small and mid-sized companies meet compliance obligations. And through his third company, BizzApps, he supports clients with Microsoft Dynamics Business Central solutions.

Despite the variety, a common thread runs through his work: regulatory compliance. Between ISO 27001, GDPR, NIS2, and DORA requirements, Jeroen found himself juggling complex mandates, often with little automation or structure.

“We managed everything with Word documents and Excel sheets,” he explained. “That became hard to scale as our team grew.”

He needed a better way to delegate, track, and operationalize compliance.

Growing pains with document-based systems

CloudCom’s initial compliance setup worked, barely, when the company was small. But with rapid growth came complexity. Delegating compliance tasks across a 27-person team using static documents was inefficient and risky.

“Before Cyberday, everything was centralized with me. I was responsible for all tasks,” Jeroen said. “But as we grew, we needed every team to take ownership. The document-based system couldn’t handle that.”

The company began evaluating platforms, but quickly ran into two key issues: overly complex interfaces and a lack of alignment with EU-specific regulations.

“With most platforms, you're hit with 500 tasks right away. It's overwhelming. Cyberday’s step-by-step structure was a relief.”

Distributed compliance, centralized in Cyberday

Cyberday became both a tool and a partner. After a demo, Jeroen saw that Cyberday’s support for EU legislation, like GDPR, NIS2, DORA and national frameworks, was far more aligned with the needs of companies operating in Belgium and across Europe.

“We needed a solution that includes EU frameworks by default,” he explained. “Some platforms just don’t go deep enough on things like NIS2 or Cybersecurity Fundamentals.”

Internally, CloudCom started by migrating its ISO 27001 compliance program. It was no small feat.

“It took six months,” Jeroen noted. “But it gave me a chance to re-evaluate everything: roles, policies, and processes. In the end, it was a healthy reset.”

Tasks are now delegated through Cyberday with Microsoft Teams integration. Employees get clear, timely notifications and responsibilities are clearly distributed.

“Cyberday made it possible to move from ‘I do everything’ to shared ownership.”

Why Cyberday? A better fit for EU SMBs

Several factors made Cyberday the standout choice:

“We started with ISO 27001. When I added new frameworks like DORA or NIS2, it showed I was already 30% done. That gave me the energy to keep going.”

How to utilize Cyberday

Risk-based compliance management

Your security team can automate risk assessments, linking mitigation actions directly to compliance requirements.

Seamless policy & documentation handling

Instead of juggling multiple spreadsheets and documents, our platform allows you to manage all policies, controls, and audit evidence in one place.

Automated reporting

Generating reports for audits and regulatory bodies is now quick and automated, reducing administrative overhead.

Extending Cyberday to clients

Through NormNest, Jeroen’s team offers compliance services to Belgian SMBs, with Cyberday as the backbone. Initially, Jeroen expected client adoption to be quick, but encountered early friction.

“Smaller companies in Belgium don’t take GDPR seriously. If you try to sell Cyberday just for that, they won’t buy.”

The breakthrough came when he stopped selling the platform directly. Instead, his team packaged compliance as a managed service, Trust-as-a-Service, with Cyberday baked in.

“We tell clients: here’s the solution, and Cyberday is part of it.”

This approach began bearing fruit. After months of slow uptake, NormNest landed four new Cyberday clients in just two months.

Ideal customers facing new rules

For Jeroen, the sweet spot is companies facing newer regulations like NIS2, where compliance processes don't exist yet.

“With ISO 27001, clients already have a system, and changing that is nearly impossible. But for NIS2, it’s new. They’ll adapt to a new system like Cyberday.”

That said, Cyberday isn’t for everyone. In his experience, larger fintech companies expect extreme customization and aren’t willing to adapt to Cyberday’s structured approach.

“They want the software to fit their way of working. On the other hand, Cyberday offers a ready-made structure and clear workflows. For SMBs that guidance is a big benefit, but for big banks, it’s a dealbreaker.”

Onboarding clients with purpose

Jeroen’s onboarding strategy reflects his consulting mindset. Every client engagement starts with a diagnostic scan using his own gap assessment tool. That forms the basis of a prioritized rollout plan.

“We ask: where are you now, where do you need to go? Then we highlight key topics and say: let’s fix these first in Cyberday.”

The usual starting point is GDPR, followed by higher-impact areas like NIS2 or ISO depending on the client.

“We don’t give the client 300 tasks at once. We say: here’s what matters most. Let’s start there.”

Scaling compliance with confidence

What started as a personal need to scale ISO compliance evolved into a full-service offering helping other companies do the same.

Jeroen’s team now uses Cyberday across CloudCom, NormNest, BizzApps, and client projects. It’s the consistent foundation that lets them deliver compliance as a service efficiently, transparently, and at scale.

“Instead of tools, we sell trust. Cyberday is just the platform that makes that possible.”
