Backup for OpenZaak
OpenZaak does not automatically create a backup of your citizen cases and municipal decisions. Here is what is genuinely at stake — and how to protect it in under an hour.
((Dutch Archives Act + BIO (Government Security Baseline)))
What is actually stored in OpenZaak?
OpenZaak is the daily operational backbone for many Dutch municipalities using the ZGW API standard. What most users don't realise: all that data is not automatically protected against loss.
Typical data that lives in OpenZaak and can be lost:
- ZGW case files — all citizen cases registered via the ZGW API standard
- case documents — documents linked to cases including permits and decisions
- decision records — formal municipal decisions and decision audit trails
- citizen correspondence — citizen correspondence and objection procedure documents
All of this data falls under Dutch Archives Act + BIO (Government Security Baseline), which means you must be able to reproduce it for 10–75 years.
Does OpenZaak automatically create a backup?
OpenZaak is cloud-based, so your data is safe — right? This is the most common misconception among Dutch municipalities using the ZGW API standard.
OpenZaak Community (open source) guarantees that the platform runs, not that your data can be recovered after ransomware or errors.
Ransomware
Encrypts everything — including data synchronised via OpenZaak. Without an offline backup you have no clean recovery point.
Human error
A deleted record, an overwritten import or a mistaken bulk action — OpenZaak offers limited or no undo functionality after more than no undo in the API.
Open-source version security vulnerability
OpenZaak is maintained by the community. Municipalities running an unpatched version are exposed to vulnerabilities with no vendor providing a safety net or SLA.
How Mindtime protects OpenZaak data
Mindtime connects directly to OpenZaak via a local agent combined with the ZGW REST API and creates continuous incremental backups.
| Scenario | OpenZaak alone | With Mindtime backup |
|---|---|---|
| Ransomware encrypts your data | x | ✓ |
| Employee deletes records | x | ✓ |
| Integration overwrites data | x | ✓ |
| Prove GDPR retention obligation | x | ✓ |
| Data on Dutch servers | on-premises or government cloud (Netherlands) | 100% Netherlands |
What if something goes wrong?
Imagine: it's Monday morning. OpenZaak is no longer showing data — ransomware exploited a vulnerability in the OpenZaak API server, corrupting the case database and making all ongoing citizen procedures inaccessible. What now?
Alert received
Mindtime automatically detects that something is wrong and sends an alert.
Choose a recovery point
Choose the moment before the attack. Every increment is saved.
Local recovery started
Recovery starts directly from the local copy. No waiting for a cloud download.
Operational
Your OpenZaak environment is running again. All citizen cases and municipal decisions is intact.
OpenZaak and your retention obligation
Data you manage in OpenZaak typically falls under Dutch Archives Act + BIO (Government Security Baseline). That means you are legally required to retain those records for 10–75 years.
Mindtime stores all OpenZaak data exclusively on Dutch servers, fully within GDPR jurisdiction.
Mindtime is ISO 27001 certified and BIO (Government Security Baseline) where applicable.
Secure your OpenZaak data in five steps
Setup takes less than an hour. After that, the backup runs fully automatically.
Request a demo
We show you how Mindtime works for OpenZaak.
Install the Mindtime agent
The agent is installed on your server or workstation.
Configure the backup schedule
Set which data, how frequently and how long it is retained.
First backup + test recovery
We run a test recovery so you know it works.
Runs automatically
Mindtime runs fully automatically. We schedule a brief quarterly review.
Why Dutch municipalities using the ZGW API standard choose Mindtime
100% on Dutch soil
Your data never leaves the Netherlands. Two redundant data centres within GDPR jurisdiction.
ISO 27001 + BIO (Government Security Baseline)
Independently certified. Annual external audit on processes and security.
Hybrid backup: fast recovery
Local copy for fast recovery and cloud copy for disaster scenarios.
No vendor lock-in
Your data is always yours, in standard formats. You can switch or export at any time.
What is actually stored in OpenZaak?
OpenZaak is the daily operational backbone for many Dutch municipalities using the ZGW API standard. What most users don't realise: all that data is not automatically protected against loss. Typical data that lives in OpenZaak: ZGW case files, case documents, decision records and citizen correspondence. All of this falls under Dutch Archives Act + BIO (Government Security Baseline), meaning you must be able to reproduce it for 10–75 years — even after ransomware, a fire or human error.
Does OpenZaak automatically create a backup?
OpenZaak is cloud-based, so your data is safe — right? This is the most common misconception among Dutch municipalities using the ZGW API standard. OpenZaak offers high availability — meaning the software is almost always online. But availability is not the same as a backup. OpenZaak Community (open source) guarantees that the platform runs, not that your data can be recovered after a ransomware attack, a deleted account or an integration error.
Ransomware
Encrypts everything — including data in OpenZaak. Without an offline backup you have no clean recovery point.
Human error
A deleted record or bulk import error — OpenZaak offers limited undo after no undo in the API.
Open-source version security vulnerability
OpenZaak is maintained by the community. Municipalities running an unpatched version are exposed to vulnerabilities with no vendor providing a safety net or SLA.
How Mindtime protects OpenZaak data
Mindtime connects directly to OpenZaak via a local agent combined with the ZGW REST API and creates continuous incremental backups — in the background, with no action required on your part. Your data is stored on 100% Dutch servers, fully GDPR-compliant.
| Ransomware encrypts your data | ✗ No recovery | ✓ Restore from pre-attack snapshot |
| Employee deletes records | ✗ Limited undo window | ✓ Record-level recovery |
| Integration overwrites data | ✗ Cannot be undone | ✓ Restore from any point in time |
| GDPR retention obligation | ✗ No audit trail backup | ✓ Point-in-time restore + report |
| Data on Dutch servers | ✗ on-premises or government cloud (Netherlands) | ✓ 100% Netherlands |
What if something goes wrong?
Imagine: it's Monday morning. An employee notices that OpenZaak is no longer showing data — ransomware exploited a vulnerability in the OpenZaak API server, corrupting the case database and making all ongoing citizen procedures inaccessible. What now? With Mindtime you are back up and running within 2–4 hours.
Alert received — within minutes
Mindtime automatically detects the problem and sends an alert.
Choose a recovery point — to the minute
Select the moment before the attack in the Mindtime dashboard.
Local recovery started — quickly available
Recovery begins immediately from the local copy — no waiting for a cloud download.
Operational — within 2–4 hours
Your OpenZaak environment is running again. All citizen cases and municipal decisions intact. No ransom paid.
Retention obligation for OpenZaak
Data in OpenZaak typically falls under Dutch Archives Act + BIO (Government Security Baseline). That means you are legally required to retain records for 10–75 years and to be able to reproduce them during an audit or legal request. Mindtime configures the correct retention period automatically and stores all data on exclusively Dutch servers — fully within GDPR jurisdiction. Mindtime is ISO 27001 certified and BIO (Government Security Baseline) certified — independently verified, not self-declared.
Secure your OpenZaak data in five steps
Setting up backup for OpenZaak takes less than an hour. After that, the backup runs fully automatically in the background — no manual actions, no maintenance burden.
Request a free demo
We show you how Mindtime works for OpenZaak — including the integration for your specific environment.
Install the Mindtime agent
The agent is installed on the server or workstation where OpenZaak is running. Average: 20 minutes.
Configure the backup schedule
Set which data, how frequently and how long — aligned to your 10–75 years retention obligation.
First backup + test recovery
The first full backup starts immediately. We run a test recovery together so you know it works before you ever need it.
Runs automatically — quarterly review
Mindtime runs fully automatically. Monthly backup reports and a brief quarterly review to keep scope up to date.
Why Dutch municipalities using the ZGW API standard choose Mindtime
Here is why Dutch municipalities using the ZGW API standard choose Mindtime for backup of OpenZaak — and why we are different from generic cloud backup solutions.
- ISO 27001
- NEN 7510
- GDPR-compliant
- Dutch servers
- BIO (Government Security Baseline)
🇳🇱 100% Dutch servers
Your data never leaves the Netherlands. Two redundant data centres — fully GDPR-compliant. No US law exposure.
ISO 27001 + BIO (Government Security Baseline)
Independently certified. Annual external audit on processes, systems and security.
⚡ Hybrid backup: fast recovery
Local copy for fast recovery (hours, not days). Cloud copy for disaster scenarios.
No vendor lock-in
Your data is always yours, in standard formats. Switch or export at any time.
Frequently asked questions about backup for OpenZaak
Have a different question? Ask us directly.
Does OpenZaak automatically create a backup?
OpenZaak offers high availability, but that is not the same as a backup. OpenZaak is an open-source API — responsibility for backup lies entirely with the municipality. There is no vendor providing a backup safety net by default. Mindtime adds an independent, immutable copy.
How long does setup take?
Installation and configuration takes under an hour on average. After the first full backup, all incrementals run automatically.
What does backup for OpenZaak cost?
The price depends on data volume and retention window. We provide a tailored quote after a short intake.
What happens when I want to recover data?
Choose the recovery point in the Mindtime dashboard — to the minute. Recover a file, folder or the complete environment. Average: 2–4 hours.
Is Mindtime compliant with Dutch Archives Act + BIO (Government Security Baseline)?
Yes. ISO 27001 certified, exclusively Dutch data centres, retention configured for 10–75 years under Dutch Archives Act + BIO (Government Security Baseline).
Does Mindtime also work with Suite4Gemeenten and Topdesk?
Yes. Mindtime works across your complete IT environment — not just OpenZaak. See also: backup for Suite4Gemeenten and backup for Topdesk.
Protect your OpenZaak data today
ISO 27001 certified · 100% Dutch servers · Operational within one hour · No vendor lock-in
Free and no obligation. Average setup time: < 1 hour.