Digital transformation isn't just about implementing new technology—it's about understanding processes and bringing people along for the journey. That's where business analysts come in. They're the vital link between business and IT, bringing structure, clarity and direction to change initiatives. Let me share what I've learned about making business analysis truly powerful in digital transformation projects.

‍

From "What do you want?" to "What's the real problem?"

‍

It all starts with listening. A good business analyst doesn't ask five questions, they ask hundreds. In my experience, when someone says "this is what we want," that's just the tip of the iceberg. You need to dig deeper: "What's the actual problem we're trying to solve?" That means listening, probing, and sometimes challenging people—not to be difficult, but to get to the heart of the matter. The better you understand the problem, the more efficient your solution will be.

‍

Building bridges between business and IT

‍

Digital transformation only succeeds when business and IT truly understand each other. I've seen it time and again: these two worlds speak completely different languages. The business analyst is the bridge-builder, understanding what IT needs to get started whilst grasping the challenges and requirements facing the business. This bridging role demands careful listening, translation and connection. It's how you avoid misunderstandings and build digital solutions that genuinely fit your organisation's needs, ways of working and ambitions.

‍

What does a business analyst actually do?

‍

Process mapping: Documenting how things work today (AS IS) and how they could work better (TO BE). This analysis exposes bottlenecks and helps streamline and improve current operations.

Defining business requirements: Determining what needs to change, why it matters, and in what order.

Supporting tool selection: Gathering requirements, managing RFPs, evaluating vendors and helping identify the right fit.

Documenting, aligning and adjusting: A business analyst maintains the overview whilst diving into the details. You need to spot patterns, understand dependencies and assess impact.

‍

Working with diverse stakeholders

‍

Being a business analyst isn't just about mapping processes. What makes my work varied, and demanding, is navigating between vastly different stakeholders. One day you're speaking with a team leader focused entirely on operational processes, the next you're discussing API integrations or business rules with developers, and that same afternoon you're exploring system and process interactions with the business architect.

‍

Success hinges on adapting your communication to your audience: knowing who you're speaking with, when, and in what language. Thorough preparation helps you choose the right approach for the right people. It's about sensing when technical depth is needed and when a visual representation will be more effective.

‍

The power of soft skills

‍

Business analysis isn't just about knowledge and technical content. It's about bringing people with you—and that's where soft skills make all the difference. Which ones matter most to me?

‍

Active listening is how you truly understand how the business works. By asking open questions and regularly summarising what you've heard, you build trust and uncover information that genuinely matters.

Critical thinking means not accepting everything at face value. I've learned to probe deeper, make connections and have the courage to say when something won't work. That's how you maintain solution quality and avoid blind spots.

Empathy allows you to see things from different stakeholders' perspectives. It helps me build support and turn resistance into engagement.

Pragmatism helps me find workable solutions even when the ideal scenario isn't feasible. I always think in steps, stay realistic and keep the organisation's context front of mind.

Flexibility enables me to adapt to changing circumstances, priorities and insights. No project runs exactly as planned, so being able to pivot is crucial for any business analyst.

‍

These soft skills are essential. You can learn technical capabilities, but you only earn trust through how you work, communicate and collaborate.

‍

Trust: the foundation of change

‍

Building trust is probably the most underrated skill a business analyst can have. From day one, you need to be professional, well-prepared and empathetic. By involving people, making small wins visible, understanding their language and then speaking it yourself, you create the support needed for lasting change.

‍

My key lesson

‍

My experience shows that business analysis isn't a supporting role but the foundation of every successful digital transformation. With the right combination of analytical insight, communication skills and trust-building, you can move from insight to action and from strategy to execution.

‍

Our role connects IT and business, shaping the optimal way of working for any organisation. It's challenging work, but every day you see how organisations need clear insights to build future-ready digital solutions.

‍

Business analysts in action: our projects

‍

Our business analysts play pivotal roles in diverse digital transformation projects, including:

Banking – Digitalising the 'Close Account' journey, including analysis and redesign, mapping all touchpoints, creating a roadmap and delivering a scalable MVP.

Maritime – Implementing a resource planning tool, analysing AS IS/TO BE processes, documenting integrations, working closely with engineers and supporting data migration.

Insurance – Developing a new broker portal in Salesforce, streamlining processes and improving collaboration with intermediaries.

Automotive – Transitioning to a new Salesforce platform for car repair management, identifying and optimising all relevant business processes.

‍

These projects illustrate how our business analysts bridge business and IT to make digital transformations genuinely succeed.

Want to discover how we can support your organisation with similar challenges? Get in touch for an exploratory conversation.

‍

Are you a business analyst keen to make an impact on challenging projects? We'd love to meet you!

‍

When you're responsible for managing the personal data of millions of people, simply thinking "it's secure" simply won't cut it. That's precisely why we engage ethical hackers every year to actively try and breach our CustomerConnect platform. And yes, without fail, they always manage to find something.

‍

That might sound alarming, but that’s entirely the point. What separates a truly secure organisation from one that isn't? It's not about pre-empting every conceivable vulnerability—that’s just a digital fantasy in our complex world.

‍

The true difference lies in how rigorously you approach security, how proactively you hunt for weak spots, and how swiftly you rectify them when they surface.

‍

The weight of processing sensitive data

‍

Harmony CustomerConnect serves, among other things, as the central nervous system for communication between major Dutch health insurers and their policyholders. Other major firms, like the Dutch Postcode Lottery, also rely on the platform.

‍

We don’t take that level of trust lightly. When organisations hand over data to us via secure channels, they need to have implicit faith that we will protect that information as if it were our own most sensitive corporate secrets.

‍

How do you put a complex ecosystem to the test?

‍

CustomerConnect is a sophisticated platform: it liaises with external service providers, processes structured data from client back-office systems, and is accessible via a secure web interface with modern authentication.

‍

A system this intricate can't be tested with a bog-standard checklist. That's why we partner with specialist external penetration testing (pentest) firms. They meticulously scrutinise the entire platform using internationally recognised methodologies, such as the Pentest Execution Standard (PTES) and the OWASP Testing Guide.

‍

Multiple testing perspectives

‍

We test our platform from various angles to build the most comprehensive picture possible of our security posture:

‍

• The Outsider: Pentesters initially only receive publicly available information—mimicking the resources a malicious actor would have. No login details, no background on the architecture. The question is simple but stark: can someone from the outside break through our defences?
  ‍
• The Insider Threat: In a subsequent phase, pentesters are given legitimate access rights, comparable to a regular platform user. This simulates a compromised account or a malicious insider. The crucial question here is: are our different client environments genuinely segregated? Can a user from Company A gain access to Company B’s data? Are users strictly limited to their appropriate permissions?
  ‍
• Configuration Review: We commission a thorough review of our configurations and our connections with external service providers. How do we transmit data to our partners? Are our connections correctly secured? Are we deploying the appropriate encryption standards for all data transfers? These reviews don’t involve active penetration but are equally vital. An incorrect configuration can lead to a data breach just as easily as a flaw in the code itself.
  ‍

What We Find (and How We Action It)
‍

Every year, a penetration test yields findings. These range from vulnerabilities demanding immediate attention to 'best practice' recommendations that simply further strengthen the security posture.

‍

The key takeaway isn't if findings appear—they always will—but how you address them. At Harmony Group, we maintain a stringent remediation roadmap.

‍

A concrete example of our process: when a significant finding is confirmed, it is allocated to our development team’s sprint within a matter of days. We then schedule a mandatory retest to validate the fix. The final report is only officially closed once that retest gives an approving result.

‍

This speed of action is non-negotiable. A vulnerability you are aware of but fail to resolve is, in essence, a conscious decision to carry risk. And that fundamentally contradicts the responsibility we hold for the data of millions of policyholders.

‍

Certifications: More Than Just a Piece of Paper

‍

Penetration tests are just one element of a much wider security framework. Harmony Group holds certifications for two critically important standards:

‍

• ISO 27001: This is the global standard for Information Security Management. It outlines what organisations must have in place to handle data safely: policy, procedures, technical controls, access management, incident handling, and risk analysis. ISO 27001 certification forms the essential baseline for any software provider handling business-critical data.
  ‍
• NEN 7510: This is the specific Dutch standard for information security management in the healthcare sector. It was developed to support healthcare institutions and their suppliers with the secure processing of patient data, adding extra, stringent requirements derived from Dutch law and the exceptional sensitivity of medical records.
  ‍

Beyond these certifications, we also have an independent assurance statement prepared by an accountant. This confirms that we don't just have documented procedures; we actively execute them. The accountant verifies that our control measures function exactly as intended in a real-world setting. It’s the difference between saying "we do it" and being able to prove "we've done it."
‍

For our clients, who often have stringent compliance demands of their own, these certifications and assurance reports are a vital source of trust.
‍

Security Is a Team Sport

‍

Security is not the sole domain of one individual within our organisation. At Harmony Group, it’s a genuine collaboration across multiple disciplines:

‍

• Our CustomerConnect Team handles the day-to-day development and management of the platform. They are intimately familiar with every function, every integration, and every data flow. When a finding comes in, they are the ones who design, implement, and test the fix.
  ‍
• Our Security & Privacy Officer coordinates the pentests, assesses findings from a risk perspective, and ensures the remediation roadmap is strictly adhered to. This role also oversees compliance with ISO 27001, NEN 7510, ISAE 3000, and other relevant regulations such as GDPR.
  ‍
• Our Infrastructure Partners provide the underlying cloud environment, network segmentation, firewalls, and all other infrastructural security layers. Many modern attacks target the infrastructure itself, not just the application. These partners must meet security standards that are at least as demanding as our own.
  ‍
• And, of course, the External Pentest Partner who scrutinises the entire picture with an independent, highly critical eye.
  ‍

This multidisciplinary approach ensures we view security not just as a technical hurdle, but as an organisational responsibility that involves every single person.

‍

Transparency as the bedrock of trust
‍

We could easily have written this piece without mentioning that vulnerabilities are ever found. We could simply settle for external communication stating, "we are ISO certified and carry out the necessary pentests," without offering any detail. We choose not to do that.
‍

The reality is that every complex software system contains vulnerabilities. The right question isn't whether you have them, but whether you can find them before malicious actors do. And once you find them, do you then act quickly and effectively?

‍

By being upfront about our security approach—including the fact that we find vulnerabilities and then resolve them—we hope to build trust, not undermine it. Because genuine security is not a marketing slogan; it is a profound, continuous commitment.

‍

For any organisation considering using CustomerConnect, this is perhaps the most critical signal: we take security so seriously that we actively hunt for issues, have it rigorously tested externally, and are transparent about our methods. That is fundamentally different from organisations that only take action after an incident has already occurred.

‍

Finally: security is never 'done'

‍

There will never be a time when we can confidently declare: "CustomerConnect is now 100% secure; we can stop." Security is not an endpoint; it is a process. A perpetual cycle of testing, learning, improving, and testing again.

‍

What we can promise is this: we take this responsibility with the utmost gravity. We invest in pentests, certifications, training, and tooling. We are fully transparent in our approach. And we move with speed and decisiveness when action is required.

‍

For the millions of people whose data is processed via CustomerConnect, for the clients who place their faith in us, and for the service providers we work alongside: that commitment is our unwavering promise.

‍

Want to know more about how CustomerConnect makes communication between businesses and clients safer, more efficient, and more reliable? Discover our client communication solutions.

‍

When digital transformation (DX) processes are difficult, this is certainly not always due to technical or budgetary restrictions. In fact, when we search for data points, we've recently seen that only 35% of companies worldwide achieved their DX goals (BCG, 2021) — a sobering figure that shows that a fundamental piece is often missing.

‍

This missing piece? Sometimes this is a thoughtful and proven process approach. Because organizations that do succeed make a smart combination of technology and recognized process optimization methods such as Lean, Six Sigma, Agile and Design Thinking.

‍

What is digital transformation really?

‍
Digital transformation is more than implementing new technology. It's a fundamental review of how organizations create value, supported by digital tools.

‍

It's about:

‍

• Process automation
• Data-driven decision making (which is crucial, as 73% of consumers expect improved personalization as technology advances, Salesforce, 2024)
• New (digital) customer interactions
• Innovative business models
  ‍

But without a clear process approach, digitization can lead to accelerated chaos instead of measurable improvement.

‍

The power of process methods in DX

‍

Here's how proven methodologies add value to digital projects:

‍

1. Lean: Eliminate waste before digitizing

‍

Lean focuses on eliminating waste and maximizing customer value. In digital processes, Lean helps to identify inefficient processes before they are automated.

‍

• Value Stream Mapping to discover bottlenecks and waiting times.
• Focus on a culture of continuous improvement (Kaizen).
• Minimizing unnecessary steps in digital workflows

Achieve companies with effective change management programs (a pillar of Lean and Agile) medial 143% of expected ROI (McKinsey).

So clean up first, then digitize!

‍

2. Six Sigma: Ensuring Quality and Consistency

‍

Six Sigma is focused on reducing variation and improving the quality of the end product. By using data analysis and the DMAIC (Define, Measure, Analyze, Improve, Control) cycle, digital processes can measurable and sustainable are being improved.

‍

• DMAIC apply to digital workflows to eliminate errors and rework to reduce.
• Data-driven approach: Organizations that implement Six Sigma correctly see on average, a return of $230,000 per project and an ROI of 4.5 to 6 times on their training investment (Sixsigma.us).
  ‍

3. Agile & Design Thinking: Flexibility and People Focus
‍

• Agile ensures rapid iteration, continuous feedback and collaboration between teams, which is essential in the rapidly changing digital world.
• Design Thinking puts the end user first and helps design intuitive digital solutions. The goal: better adoption.
  ‍

Companies that use Design Thinking focus on understanding user needs. This is crucial because 41% of organizations invest in DX without properly examining their customer needs (Prophet, 2019), which often leads to adoption disappointment.

‍

The consultant as strategic process director

‍

As a consultant, you can use these methods strategically in each phase of a digital transformation process:
‍

Regardless of the role you play in the digital transformation project where you are working as a consultant, it is always interesting to keep the above process methods in mind.

‍

• Lean: try to identify the processes that your project has an impact on and identify waiting times and unnecessary steps.
• Six Sigma: view the product delivered by the project you are working on, what is the amount of rework there? What is the quality of the end product? Does each product have the same level of quality (variation)?
• Design Thinking: make use of Design Thinking techniques when you attend workshops that look for solutions.
• Agile: An agile way of working ensures rapid development of the certain solutions, and rapid feedback loops also help with rapid deliveries.

‍

Practical example: the HR app implementation

‍

Imagine: as a Digital Transformation consultant, you supervise the implementation of a new HR app (paysheet, absences, etc.).

‍

• Lean: You start with a Value Stream Map of the current process. You discover two redundant approval steps and four days of waiting time in the leave application process. These steps are eliminated before digitization.
  ‍
• Six Sigma: During the test phase, you analyze data. You note that 15% of applications are submitted incorrectly due to confusing input fields. You apply the DMAIC method to analyze the source of error, improve the interface and reduce the error rate to less than 5% (the Six Sigma Standard).
  ‍
• Design Thinking: You organize workshops with the end users to co-create the interface. By using personas and Journey Mapping, you design an app that is intuitive, which means adoption accelerates by 25% in the first month.
  ‍
• Agile: You're using Scrum. Each sprint provides a working element. User feedback from last week will be incorporated into the next sprint, so that the solution perfectly meets the need.

‍

Conclusion

‍

Digital transformation is not a goal in itself, but a means of creating measurable value. Integrating Lean, Six Sigma, Agile and Design Thinking enables consultants to:

‍

1. Avoiding waste (Lean).
2. Guaranteeing quality and ROI (Six Sigma).
3. Achieve higher user adoption (Design Thinking).

‍

In short: Optimize first, then digitize. Only then can you achieve sustainable change, satisfied customers and measurable impact.

‍