ISO & NIS2 Portal

Automatic, auditable compliance evidence — ISO 27001/9001, NIS2 and machinery CE — plus workforce processes in one place.

What it looks like in the portal

Sample views with demo data.

Management dashboard demo data
92% Acknowledgements
78% Training
3 Equipment not returned
Completed acknowledgements over time
64% Jan 71% Feb 80% Mar 85% Apr 88% May 92% Jun
NIS2 → ISO coverage map
8/10 art. 21
covered by ISO
  • Risk analysis and system security Covered
  • Incident handling Partial
  • Business continuity and backups Covered
  • Supply-chain security Covered
  • Cryptography and encryption Covered
  • CSIRT reporting channel Gap
Machinery conformity assessment
Pipeline readiness (2023/1230)
3/4
  • Classification (Art. 3) cleared
  • Risk assessment (ISO 12100) cleared
  • Technical documentation cleared
  • 4 EU Declaration of Conformity to do

The ISO & NIS2 Portal is a single system where you collect automatic, auditable evidence of compliance — from document acknowledgements and training, through ISO 27001/9001 registers, to NIS2 sector compliance and CE marking of machinery. Instead of paper trails and spreadsheets flying around by email, you get one source of truth with a full record: who, when and which version.

The application was built during an ISO/IEC 27001 implementation, so every module answers a specific requirement of the standard or the law — and produces auditor-ready evidence right away.

NIS2 and sector compliance

NIS2 compliance without the chaos

From the question “does this apply to us?” to ready evidence — no spreadsheets flying around by email.

  • Entity self-assessment — a 3-criteria test (sector · size · special status): essential, important or out of scope.
  • Article 21 checklist — 10 risk-management measures with the requirement described and implementation status.
  • NIS2 ↔ ISO coverage map — a client-facing view of what ISO 27001 already delivers.
  • Incident register — a CSIRT track separate from GDPR (24 h / 72 h / 1 month).

Machinery CE compliance (EU Reg. 2023/1230)

A full machinery conformity-assessment pipeline — with an immutable decision trail.

  • Classification (Art. 3) — a rule engine indicates the product type; a human can override it with a justification.
  • Risk assessment — per ISO 12100 (severity × probability × exposure); critical risks block approval.
  • Technical documentation — the required set is matched to the machine type and versioned.
  • Declarations and substantial modification — EU Declaration of Conformity / Incorporation as PDF; an assessment of when a new conformity assessment is needed.

Audit readiness and a decision trail

Every decision, acknowledgement and document has a date, author and version.

  • Compliance pipeline gates — see which stages are cleared and what is blocking placing on the market.
  • Immutable audit log — who changed what and when, on every operation.
  • Machine and asset register — with versioning that protects historical assessment results.
  • XLSX import and export — move data in bulk instead of typing it in by hand.

ISO 27001 / 9001

ISO compliance evidence — automatically

Versioned acknowledgements, a content hash and an audit log instead of paper declarations.

  • Versioned repository — a new document version forces automatic re-acknowledgement.
  • Acknowledgement records — bind the user, version, timestamp and content hash (SHA-256).
  • Audit log and retention — an immutable journal aligned with the forensics policy.
  • Assignment templates — documents are assigned automatically by department/role.

ISO registers as standard

A consistent set of ISMS registers with filtering, dictionary legends and change history.

  • Risks and corrective actions — a consistent scale and readable code legends.
  • Incidents and vulnerabilities — in one place (A.5.24–A.5.28, A.8.8).
  • Suppliers and legal compliance — supplier relations, a compliance register, processing activities (GDPR).
  • Audits and management reviews — the full improvement cycle (9.2 / 9.3).

Awareness and competence

Training with quizzes, recurrence and readiness before the audit.

  • Slide training + quiz — score and completion date as evidence of competence.
  • Awareness recurrence — training expires after 12 months and returns to the list.
  • Pre-audit to-do — a checklist with a progress bar: zero open items = ready.
  • Standard coverage map — what is already covered and where the gaps are.

Workforce processes

Paperless onboarding

A single checklist that assigns policies by itself and generates proof of completion.

  • Checklist with evidence — NDA, scope of duties, training, equipment issue, accounts, MFA.
  • Automatic acknowledgements — the right set of policies by role/department.
  • Equipment issue — linked to the inventory during onboarding.
  • “Not applicable” step — with a justification, instead of a fake “done”.

Offboarding under control

Equipment return, account deactivation and exit interview — with hard proof of closure.

  • Mandatory equipment return — you see at once what is still outstanding.
  • Account and access deactivation — a list of systems, access cards, NDA-on-exit.
  • Exit interview and backup — as documented steps.
  • Retention and GDPR — pseudonymisation without deleting required evidence.

Equipment and the employee file

One glance: equipment, acknowledgements, training and what is still to do.

  • Assigned equipment — serial number, issue date, condition; linked to the asset inventory.
  • Employee card — equipment, acknowledgements and training on one screen.
  • “To do” signals — overdue acknowledgements, unfinished training, unreturned equipment.
  • Consistency with HR — issued during onboarding, mandatory return during offboarding.

Want to see the portal running on your own processes? Get in touch — we will show you how to fit ISO, NIS2 and workforce processes into one auditable place.

Contact Us

Need an app, consultation, or support for your CMMS/EAM maintenance systems?

Frequently asked questions

  • How does ISO 27001 compliance differ from NIS2 in the portal?
  • Does the portal replace paper acknowledgement statements?
  • Does it support machinery conformity assessment (CE)?
  • Which HR processes does it cover?
  • How is the portal deployed in a company?