{"id":21460,"date":"2024-10-01T16:15:23","date_gmt":"2024-10-01T14:15:23","guid":{"rendered":"https:\/\/brandcompliance.com\/?post_type=docs&#038;p=21460"},"modified":"2026-03-23T12:57:44","modified_gmt":"2026-03-23T11:57:44","password":"","slug":"operationele-capaciteiten","status":"publish","type":"docs","link":"https:\/\/brandcompliance.com\/nl\/docs\/operationele-capaciteiten\/","title":{"rendered":"Operationele Capaciteiten: De Ruggengraat van Informatiebeveiliging"},"content":{"rendered":"<p>In de wereld van <a href=\"https:\/\/brandcompliance.com\/informatiebeveiliging\/\">informatiebeveiliging<\/a> wordt vaak gesproken over beheersmaatregelen en controles. Deze maatregelen vormen de bouwstenen van een beveiligingsbeleid dat organisaties helpt hun informatie te beschermen. Maar er is een dieperliggende laag die net zo belangrijk is: operationele capaciteiten.<\/p>\n<p>In deze blog leggen we uit wat operationele capaciteiten (OC&#8217;s) zijn en hoe ze worden geclassificeerd volgens de ISO 27002:2022. We vertellen ook waarom Brand Compliance haar <a href=\"https:\/\/brandcompliance.com\/iso-27001-audit\/\">ISO 27001-audits<\/a> baseert op deze capaciteiten in plaats van op individuele beheersmaatregelen.<\/p>\n<h2><img decoding=\"async\" class=\"alignright size-medium wp-image-21461\" src=\"https:\/\/brandcompliance.com\/wp-content\/uploads\/2024\/10\/Operationele-Capaciteiten-300x169.webp\" alt=\"Operationele Capaciteiten\" width=\"300\" height=\"169\" srcset=\"https:\/\/brandcompliance.com\/wp-content\/uploads\/2024\/10\/Operationele-Capaciteiten-300x169.webp 300w, https:\/\/brandcompliance.com\/wp-content\/uploads\/2024\/10\/Operationele-Capaciteiten-360x203.webp 360w, https:\/\/brandcompliance.com\/wp-content\/uploads\/2024\/10\/Operationele-Capaciteiten.webp 600w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>Wat zijn operationele capaciteiten?<\/h2>\n<p><span class=\"TrackedChange SCXW260091102 BCX8\"><span class=\"TextRun SCXW260091102 BCX8\" lang=\"NL-NL\" xml:lang=\"NL-NL\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW260091102 BCX8\">Operationele capaciteiten vormen een attribuut om beheersmaatregelen te bekijken vanuit het perspectief van professionals op informatiebeveiligingscapaciteiten.<\/span><\/span><\/span> <span class=\"TextRun SCXW260091102 BCX8\" lang=\"NL-NL\" xml:lang=\"NL-NL\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW260091102 BCX8\">Ze <\/span><\/span><span class=\"TrackedChange SCXW260091102 BCX8\"><span class=\"TextRun SCXW260091102 BCX8\" lang=\"NL-NL\" xml:lang=\"NL-NL\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW260091102 BCX8\">kunnen de basis <\/span><\/span><\/span><span class=\"TextRun SCXW260091102 BCX8\" lang=\"NL-NL\" xml:lang=\"NL-NL\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW260091102 BCX8\">vormen <\/span><\/span><span class=\"TextRun SCXW260091102 BCX8\" lang=\"NL-NL\" xml:lang=\"NL-NL\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW260091102 BCX8\">waarop de beveiligingsmaatregelen van een organisatie worden gebouwd. <\/span><\/span><span class=\"EOP SCXW260091102 BCX8\" data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p>Operationele capaciteiten omvatten onder andere:<\/p>\n<ul>\n<li>Technologische middelen: De hardware en software die nodig zijn om beveiligingsmaatregelen te implementeren en te ondersteunen.<\/li>\n<li>Menselijke resources: De vaardigheden, kennis en beschikbaarheid van personeel om de benodigde maatregelen effectief te beheren en uitvoeren.<\/li>\n<li>Operationele processen: De procedures en workflows die zijn ontworpen om beveiligingsmaatregelen consistent en herhaalbaar uit te voeren.<\/li>\n<li>Fysieke faciliteiten: De fysieke beveiliging en omgeving waarin IT-systemen worden beheerd en opgeslagen.<\/li>\n<\/ul>\n<h2>Welke soorten operationele capaciteiten kent de ISO 27002:2022?<\/h2>\n<p>De ISO 27002:2022 benadrukt een breed scala aan operationele capaciteiten die nodig zijn voor een effectief informatiebeveiligingsmanagementsysteem (ISMS). De norm verdeelt deze capaciteiten in verschillende categorie\u00ebn.<\/p>\n<p>Hieronder enkele voorbeelden:<\/p>\n<ul>\n<li>Toegang tot systemen en data: Beheersing van wie toegang heeft tot systemen en gegevens, en onder welke omstandigheden.<\/li>\n<li>Communicatiebeveiliging: Bescherming van de integriteit en vertrouwelijkheid van informatie tijdens transmissie.<\/li>\n<li>Incidentbeheer: De capaciteiten om beveiligingsincidenten te detecteren, erop te reageren en ervan te herstellen.<\/li>\n<li>Continu\u00efteitsbeheer: De capaciteit om kritieke functies voort te zetten in het geval van een verstoring of ramp.<\/li>\n<li>Leveranciersbeheer: Het waarborgen dat derde partijen voldoen aan de beveiligingseisen van de organisatie.<\/li>\n<\/ul>\n<h2>Wat is de samenhang tussen operationele capaciteiten en individuele beheersmaatregelen?<\/h2>\n<p>Individuele beheersmaatregelen zijn specifieke acties of controles die worden ge\u00efmplementeerd om een bepaald beveiligingsdoel te bereiken. Operationele capaciteiten bieden de infrastructuur en middelen om deze beheersmaatregelen effectief te maken.<\/p>\n<p>De effectiviteit van de maatregelen hangt af van de kwaliteit van de operationele capaciteiten, zoals:<\/p>\n<ul>\n<li>De beschikbaarheid van getraind personeel om toegangsverzoeken te beheren en te controleren;<\/li>\n<li>Processen voor het regelmatig herzien en updaten van toegangsrechten;<\/li>\n<li>Technologie\u00ebn die multifactor-authenticatie ondersteunen.<\/li>\n<\/ul>\n<p>Zonder de juiste OC&#8217;s zouden de beheersmaatregelen kunnen falen, ongeacht hoe goed ze op papier zijn ontworpen.<\/p>\n<h3>Auditen op basis van operationele capaciteiten<\/h3>\n<p>Waarom is Brand Compliance overgegaan om een ISMS op basis van operationele capaciteiten te auditen in plaats van op beheersmaatregelen?\u00a0Brand Compliance gebruikt de structuur van operationele capaciteiten om audits te plannen en te rapporteren. Operationele capaciteiten kunnen daarnaast een completer beeld bieden van de effectiviteit van een informatiebeveiligingsmanagementsysteem.<\/p>\n<p>Door <a href=\"https:\/\/brandcompliance.com\/docs\/interne-of-externe-audit\/\">audits<\/a> te richten op OC&#8217;s, biedt Brand Compliance een diepere en bredere beoordeling van de beveiliging binnen een organisatie, wat leidt tot een meer veerkrachtige en beveiligde operationele omgeving.<\/p>\n<h3>Geen kennisartikelen missen?<\/h3>\n<p>Vul uw gegevens in en u ontvangt regelmatig een update met onze nieuwste artikelen.<\/p>\n<script>\nvar gform;gform||(document.addEventListener(\"gform_main_scripts_loaded\",function(){gform.scriptsLoaded=!0}),document.addEventListener(\"gform\/theme\/scripts_loaded\",function(){gform.themeScriptsLoaded=!0}),window.addEventListener(\"DOMContentLoaded\",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,themeScriptsLoaded:!1,isFormEditor:()=>\"function\"==typeof InitializeEditor,callIfLoaded:function(o){return!(!gform.domLoaded||!gform.scriptsLoaded||!gform.themeScriptsLoaded&&!gform.isFormEditor()||(gform.isFormEditor()&&console.warn(\"The use of gform.initializeOnLoaded() is deprecated in the form editor context and will be removed in Gravity Forms 3.1.\"),o(),0))},initializeOnLoaded:function(o){gform.callIfLoaded(o)||(document.addEventListener(\"gform_main_scripts_loaded\",()=>{gform.scriptsLoaded=!0,gform.callIfLoaded(o)}),document.addEventListener(\"gform\/theme\/scripts_loaded\",()=>{gform.themeScriptsLoaded=!0,gform.callIfLoaded(o)}),window.addEventListener(\"DOMContentLoaded\",()=>{gform.domLoaded=!0,gform.callIfLoaded(o)}))},hooks:{action:{},filter:{}},addAction:function(o,r,e,t){gform.addHook(\"action\",o,r,e,t)},addFilter:function(o,r,e,t){gform.addHook(\"filter\",o,r,e,t)},doAction:function(o){gform.doHook(\"action\",o,arguments)},applyFilters:function(o){return gform.doHook(\"filter\",o,arguments)},removeAction:function(o,r){gform.removeHook(\"action\",o,r)},removeFilter:function(o,r,e){gform.removeHook(\"filter\",o,r,e)},addHook:function(o,r,e,t,n){null==gform.hooks[o][r]&&(gform.hooks[o][r]=[]);var d=gform.hooks[o][r];null==n&&(n=r+\"_\"+d.length),gform.hooks[o][r].push({tag:n,callable:e,priority:t=null==t?10:t})},doHook:function(r,o,e){var t;if(e=Array.prototype.slice.call(e,1),null!=gform.hooks[r][o]&&((o=gform.hooks[r][o]).sort(function(o,r){return o.priority-r.priority}),o.forEach(function(o){\"function\"!=typeof(t=o.callable)&&(t=window[t]),\"action\"==r?t.apply(null,e):e[0]=t.apply(null,e)})),\"filter\"==r)return e[0]},removeHook:function(o,r,t,n){var e;null!=gform.hooks[o][r]&&(e=(e=gform.hooks[o][r]).filter(function(o,r,e){return!!(null!=n&&n!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][r]=e)}});\n<\/script>\n\n                <div class='gf_browser_gecko gform_wrapper gform_legacy_markup_wrapper gform-theme--no-framework' data-form-theme='legacy' data-form-index='0' id='gform_wrapper_81' ><form method='post' enctype='multipart\/form-data'  id='gform_81'  action='\/nl\/wp-json\/wp\/v2\/docs\/21460' data-formid='81' novalidate>\t\t\t\t\t<div style=\"display: none !important;\" class=\"akismet-fields-container gf_invisible\" data-prefix=\"ak_\">\n\t\t\t\t\t\t<label>&#916;<textarea name=\"ak_hp_textarea\" cols=\"45\" rows=\"8\" maxlength=\"100\"><\/textarea><\/label>\n\t\t\t\t\t\t<input type=\"hidden\" id=\"ak_js_1\" name=\"ak_js\" value=\"184\" \/>\n\t\t\t\t\t\t<script>\ndocument.getElementById( \"ak_js_1\" ).setAttribute( \"value\", ( new Date() ).getTime() );\n<\/script>\n\n\t\t\t\t\t<\/div>\n                        <div class='gform-body gform_body'><ul id='gform_fields_81' class='gform_fields top_label form_sublabel_below description_below validation_below'><li id=\"field_81_2\" class=\"gfield gfield--type-honeypot gform_validation_container field_sublabel_below gfield--has-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_81_2'>Instagram<\/label><div class='ginput_container'><input name='input_2' id='input_81_2' type='text' value='' autocomplete='new-password'\/><\/div><div class='gfield_description' id='gfield_description_81_2'>Dit veld is bedoeld voor validatiedoeleinden en moet niet worden gewijzigd.<\/div><\/li><li id=\"field_81_1\" class=\"gfield gfield--type-email gfield--input-type-email gfield_contains_required field_sublabel_below gfield--no-description field_description_below hidden_label field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_81_1'>E-mailadres<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_asterisk\">*<\/span><\/span><\/label><div class='ginput_container ginput_container_email'>\n                            <input name='input_1' id='input_81_1' type='email' value='' class='large'   placeholder='E-mailadres' aria-required=\"true\" aria-invalid=\"false\"  \/>\n                        <\/div><\/li><\/ul><\/div>\n        <div class='gform-footer gform_footer top_label'> <input type='submit' id='gform_submit_button_81' class='gform_button button' onclick='gform.submission.handleButtonClick(this);' data-submission-type='submit' value='Aanmelden'  \/> \n            <input type='hidden' class='gform_hidden' name='gform_submission_method' data-js='gform_submission_method_81' value='postback' \/>\n            <input type='hidden' class='gform_hidden' name='gform_theme' data-js='gform_theme_81' id='gform_theme_81' value='legacy' \/>\n            <input type='hidden' class='gform_hidden' name='gform_style_settings' data-js='gform_style_settings_81' id='gform_style_settings_81' value='[]' \/>\n            <input type='hidden' class='gform_hidden' name='is_submit_81' value='1' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submit' value='81' \/>\n            \n            <input type='hidden' class='gform_hidden' name='gform_currency' data-currency='EUR' value='y3xf756HhLjdP0j5+CrHYbz\/haoWRdenBL5YMntYoA8IL5UJKD8\/uDveZHANbQ0O6xxtzvDu\/3AhF2TXeAbUx9GW4zxPk64gM8SGQ\/fbFzAMTHw=' \/>\n            <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' \/>\n            <input type='hidden' class='gform_hidden' name='state_81' value='WyJbXSIsIjM5YzdlY2E2OTI1ZmE0YjAxMDJlNDBmYmZjMjY5YzcwIl0=' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_target_page_number_81' id='gform_target_page_number_81' value='0' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_source_page_number_81' id='gform_source_page_number_81' value='1' \/>\n            <input type='hidden' name='gform_field_values' value='' \/>\n            \n        <\/div>\n                        <\/form>\n                        <\/div><script>\ngform.initializeOnLoaded( function() {gformInitSpinner( 81, 'https:\/\/brandcompliance.com\/wp-content\/plugins\/gravityforms\/images\/spinner.svg', true );jQuery('#gform_ajax_frame_81').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_81');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_81').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){jQuery('#gform_wrapper_81').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_81').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_81').removeClass('gform_validation_error');}setTimeout( function() { \/* delay the scroll by 50 milliseconds to fix a bug in chrome *\/  }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_81').val();gformInitSpinner( 81, 'https:\/\/brandcompliance.com\/wp-content\/plugins\/gravityforms\/images\/spinner.svg', true );jQuery(document).trigger('gform_page_loaded', [81, current_page]);window['gf_submitting_81'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}jQuery('#gform_wrapper_81').replaceWith(confirmation_content);jQuery(document).trigger('gform_confirmation_loaded', [81]);window['gf_submitting_81'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_81').text());}else{jQuery('#gform_81').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger(\"gform_pre_post_render\", [{ formId: \"81\", currentPage: \"current_page\", abort: function() { this.preventDefault(); } }]);        if (event && event.defaultPrevented) {                return;        }        const gformWrapperDiv = document.getElementById( \"gform_wrapper_81\" );        if ( gformWrapperDiv ) {            const visibilitySpan = document.createElement( \"span\" );            visibilitySpan.id = \"gform_visibility_test_81\";            gformWrapperDiv.insertAdjacentElement( \"afterend\", visibilitySpan );        }        const visibilityTestDiv = document.getElementById( \"gform_visibility_test_81\" );        let postRenderFired = false;        function triggerPostRender() {            if ( postRenderFired ) {                return;            }            postRenderFired = true;            gform.core.triggerPostRenderEvents( 81, current_page );            if ( visibilityTestDiv ) {                visibilityTestDiv.parentNode.removeChild( visibilityTestDiv );            }        }        function debounce( func, wait, immediate ) {            var timeout;            return function() {                var context = this, args = arguments;                var later = function() {                    timeout = null;                    if ( !immediate ) func.apply( context, args );                };                var callNow = immediate && !timeout;                clearTimeout( timeout );                timeout = setTimeout( later, wait );                if ( callNow ) func.apply( context, args );            };        }        const debouncedTriggerPostRender = debounce( function() {            triggerPostRender();        }, 200 );        if ( visibilityTestDiv && visibilityTestDiv.offsetParent === null ) {            const observer = new MutationObserver( ( mutations ) => {                mutations.forEach( ( mutation ) => {                    if ( mutation.type === 'attributes' && visibilityTestDiv.offsetParent !== null ) {                        debouncedTriggerPostRender();                        observer.disconnect();                    }                });            });            observer.observe( document.body, {                attributes: true,                childList: false,                subtree: true,                attributeFilter: [ 'style', 'class' ],            });        } else {            triggerPostRender();        }    } );} );\n<\/script>\n\n","protected":false},"excerpt":{"rendered":"<p>In de wereld van informatiebeveiliging wordt vaak gesproken over beheersmaatregelen en controles. Deze maatregelen vormen de bouwstenen van een beveiligingsbeleid dat organisaties helpt hun informatie&#8230;<\/p>\n","protected":false},"author":6,"featured_media":21461,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"doc_category":[2344],"doc_tag":[],"class_list":["post-21460","docs","type-docs","status-publish","has-post-thumbnail","hentry","doc_category-audits-informatiebeveiliging"],"acf":[],"year_month":"2026-06","word_count":496,"total_views":"3668","reactions":{"happy":"0","normal":"0","sad":"0"},"author_info":{"name":"Anika","author_nicename":"anika","author_url":"https:\/\/brandcompliance.com\/nl\/author\/anika\/"},"doc_category_info":[{"term_name":"Audits Informatiebeveiliging","term_url":"https:\/\/brandcompliance.com\/nl\/docs-category\/audits-informatiebeveiliging\/"}],"doc_tag_info":[],"knowledge_base_info":[],"knowledge_base_slug":[],"_links":{"self":[{"href":"https:\/\/brandcompliance.com\/nl\/wp-json\/wp\/v2\/docs\/21460","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brandcompliance.com\/nl\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/brandcompliance.com\/nl\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/brandcompliance.com\/nl\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/brandcompliance.com\/nl\/wp-json\/wp\/v2\/comments?post=21460"}],"version-history":[{"count":1,"href":"https:\/\/brandcompliance.com\/nl\/wp-json\/wp\/v2\/docs\/21460\/revisions"}],"predecessor-version":[{"id":25790,"href":"https:\/\/brandcompliance.com\/nl\/wp-json\/wp\/v2\/docs\/21460\/revisions\/25790"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/brandcompliance.com\/nl\/wp-json\/wp\/v2\/media\/21461"}],"wp:attachment":[{"href":"https:\/\/brandcompliance.com\/nl\/wp-json\/wp\/v2\/media?parent=21460"}],"wp:term":[{"taxonomy":"doc_category","embeddable":true,"href":"https:\/\/brandcompliance.com\/nl\/wp-json\/wp\/v2\/doc_category?post=21460"},{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/brandcompliance.com\/nl\/wp-json\/wp\/v2\/doc_tag?post=21460"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}