COMPLIANCE ORCHESTRATOR

Ensure compliance with standards such as CSRD, VSME and NIS2, not just as a one-time project, but continuously as part of regular operations through status and tasks.

The Orchestrator platform allows an easy-to-use, modular approach to applications that have a number of features and functions in common. This includes targets (goals), status, tasks and follow-up processes. This makes the platform an excellent choice for a wide set of compliance tools, where the customer may use one or more of them – in a fully integrated manner, where they share common data such as organization structures.

PRODUCT DESCRIPTION

Compliance Orchestrator is a multi-tenant solution, delivered as a SaaS service from a Norwegian data center, in compliance with ISO 27001, ISO 14001 and ISO 9001.

Sustainability Compliance (CSRD, VSME)

Orchestrator makes the path to full CSRD or VSME compliance simple and clear. We guide you through the entire process – from the first step to the finished report – and give you the tools to establish a good data structure, simplify task planning and automate data capture for sustainability reporting. In addition, we ensure that you are always up to date, so that your reporting keeps pace with changing requirements and conditions in your business.

The Corporate Sustainability Reporting Directive (CSRD) applies initially to large, listed companies with more than 500 employees or their parent companies. A simplified version, VSME (Voluntary Standard for Small and Medium Enterprises), exists for medium-sized enterprises and others that are not required to follow the CSRD.

The sustainability report must contain what is necessary to understand the company's impact on sustainability, and information that is necessary to understand how sustainability affects the company's development:

  • Business model and strategies
  • Sustainability objectives
  • Key sustainability risks
  • Indicators relevant to the above information

CSRD information should be reported in accordance with ESRS, European sustainability reporting standards divided into Environmental, Social and Governance (ESG). Compliance Orchestrator does this automatically using the European sustainability electronic reporting format (ESEF) via the European Single Access Point (ESAP) service.

Key Features

NIS2 Compliance

Compliance Orchestrator makes the path to NIS2 compliance simple and transparent. The product helps you with all aspects of NIS2 - from critical system overview and vendor evaluation to risk analysis. Orchestrator can also integrate with other tools such as Service and Asset Management solutions and enterprise management systems to keep manual work to a minimum.

The Network and Information Security Directive (NIS2)

The purpose of the NIS2 Directive is to increase the resilience of network and information systems of both private and public actors operating in relevant sectors in the EU, to reduce the fragmentation of the internal market in sectors already covered by the NIS Directive and to improve the common awareness and capacity related to resilience. The European Commission wants to reduce fragmentation and increase harmonization through more effective cooperation between competent authorities from each Member State, through the subordination of more sectors and through sanctions that can be used for effective enforcement.

Key elements of NIS2

  • Risk Management and Compliance
  • Support risk assessment to identify vulnerabilities and threats.
  • Checklists for compliance with NIS2 requirements.
  • Automated risk scoring and recommended actions.
  • Applies to 18 industries from October 2024 in the EU.

NIS2 is expected to provide positive societal benefits and savings through increased resilience and reduced consequences of digital incidents and digital crime.

NIS2 applies to both public and private service providers, from finance to IT and public infrastructure such as water, energy and transport.

How should you relate to NIS2?

NIS2 places a number of requirements on public and private enterprises, but it does not have any general or regular reporting requirements like the sustainability reporting under CSRD or VSME.

A major advantage of compliance with NIS2, even for organizations that are not obliged to do so, is that it contributes to better security and control, which makes the enterprise more resistant to attacks from criminals or others who want to put it out of business.

Key Features

Risk Analysis

Risk Management is central to compliance in general and NIS2 in particular. Businesses must analyze risk in relation to both the suppliers they have (including the countries in which the suppliers are located) and the systems and services they use. Risks must be classified, and measures defined and implemented. These are important aspects of NIS2 Orchestrator.

Basic data for the risk analysis can either be obtained from external systems (through integration) or it can be recorded manually. In many organizations, both are done - because rarely is all relevant data available electronically.

Supplier Assessment

The vulnerability of a business is often linked to the use of suppliers, both those who provide services (e.g. network connections or SaaS services) and those who provide goods (e.g. IT equipment, machinery and software). Therefore, it is important to analyze the suppliers, and their impact on the vulnerability of the business. Part of this analysis is to consider the countries in which the suppliers are located, and their supply chains, which may also extend into many other countries.

System and resource overview

Vulnerability is related to the systems and resources the business uses. Here we mean "systems" in the broadest sense of the word: these can be electronic services such as network connections, an ERP system delivered as a SaaS service, or physical equipment such as a router or server. The overview of these resources can be maintained in Compliance Orchestrator or can be obtained by integrating with external systems. For example, if you use an automatic solution such as OpenText Universal Discovery or Raynet ONE to discover the network and maintain an overview of IT equipment and software, the job becomes easier than if you have to do this manually.

SUMMARY: Compliance Orchestrator ensures compliance with standards such as CSRD, VSME and NIS2, not just as a one-time project, but continually through status and tasks. Compliance Orchestrator is delivered as a SaaS service from a Norwegian data center certified according to ISO 27001, ISO 14001 and ISO 9001.