Master class

Masterclass Review Framework Information Security

In this master class, you will learn about the 2021 Assessment Framework (SURFaudit NBA model) so that you can properly carry out an assessment, for example in the context of the benchmark. With inspiring in-depth sessions and keynotes, you will be well prepared when you start working with the assessment framework.

Close-up student achter laptop met schrijfgerei op tafel
30 — 31 May 2023
30 May 10 am - 31 May 5 pm
SURF office, Utrecht


In higher education and mbo, the NBA Maturity Model for Information Security is used as the basis for the assessment framework for the information security benchmark.

Getting started with the Information Security Assessment Framework

The Information Security Assessment Framework master class will help you make the transition to this new assessment framework, and is also interesting for FGs, privacy officers and auditors. Under the guidance of expert Ludo Cuijpers, you will work hands-on with the statements from the NBA assessment framework. There is plenty of room to exchange experiences and discuss good practices with each other. In addition, inspiring keynotes and in-depth sessions are scheduled by various experts. In between, there will be plenty of opportunity for informal contact.


During the four sessions, we will discuss all fifteen domains of the NBA model. Below is the outline of the programme.



General introduction to the NBA model and Benchmark IB (SURF / MBO Digitaal)


Presentation on outsourcing and chain security (Niels Dutij, MBO Digitaal)
Domains NBA model covered: Human Resources, Supply Chain Management

10.30 Short break
11.45 Presentation governance and HRM (Ludo Cuijpers, ROC Nijmegen/ HAS green academy)
Domains NBA model covered: Governance, Organisation
13.00 Break + lunch
14.00 Presentation governance and HRM (Ludo Cuijpers, ROC Nijmegen/ HAS green academy)
Domains NBA model covered: Risk Management, System Development, Physical Security and Data Management
15.30 Break
15.45 Risk management presentation (Maurits Toet, IT auditor Cerrix)
Domains NBA model covered: Identity & Access Management and Assurance (Governance domain)
17.00 Dinner



Security management presentation (Hub Gerats, Fontys University of Applied Sciences)
Domains NBA model covered: Security Management, Business Continuity Management

13.00 Break + Lunch
14.00 - 17.00

Presentation configuration management, incident/change management, ITIL processes (Hub Gerats, Fontys University of Applied Sciences)
Domains NBA model covered: Configuration Management, Incident/Problem Management, Change Management, Computer Operations

Joint closing, exchanging experiences and conclusions

Registration and cancellation

Register for this master class no later than 23 May.
Registration is not free of obligation; please read the cancellation conditions for SURF meetings.

Number of participants

The maximum number of participants is 15; if there are fewer than 10 participants, the master class will not take place.


The costs are 500 euro per participant (excluding VAT). SURF will arrange the registration of the masterclasses. The SURF registration system only accepts direct payment (iDeal or credit card). After completing your registration, you will receive an e-mail as confirmation with the invoice attached.

Can't make it on this date?

This Masterclass will also be given on 20 September as a one-day online Masterclass and on 2 and 3 November as a two-day Masterclass. If you want to know more about these master classes, press one of the buttons for more information

More information on this 20 September Masterclass

More information on the 2-3 November master class