ISO & NIS2 Portal
Automatic, auditable compliance evidence — ISO 27001/9001, NIS2 and machinery CE — plus workforce processes in one place.
What it looks like in the portal
Sample views with demo data.
- Risk analysis and system security Covered
- Incident handling Partial
- Business continuity and backups Covered
- Supply-chain security Covered
- Cryptography and encryption Covered
- CSIRT reporting channel Gap
- Classification (Art. 3) cleared
- Risk assessment (ISO 12100) cleared
- Technical documentation cleared
- 4 EU Declaration of Conformity to do
The ISO & NIS2 Portal is a single system where you collect automatic, auditable evidence of compliance — from document acknowledgements and training, through ISO 27001/9001 registers, to NIS2 sector compliance and CE marking of machinery. Instead of paper trails and spreadsheets flying around by email, you get one source of truth with a full record: who, when and which version.
The application was built during an ISO/IEC 27001 implementation, so every module answers a specific requirement of the standard or the law — and produces auditor-ready evidence right away.
NIS2 and sector compliance
NIS2 compliance without the chaos
From the question “does this apply to us?” to ready evidence — no spreadsheets flying around by email.
- Entity self-assessment — a 3-criteria test (sector · size · special status): essential, important or out of scope.
- Article 21 checklist — 10 risk-management measures with the requirement described and implementation status.
- NIS2 ↔ ISO coverage map — a client-facing view of what ISO 27001 already delivers.
- Incident register — a CSIRT track separate from GDPR (24 h / 72 h / 1 month).
Machinery CE compliance (EU Reg. 2023/1230)
A full machinery conformity-assessment pipeline — with an immutable decision trail.
- Classification (Art. 3) — a rule engine indicates the product type; a human can override it with a justification.
- Risk assessment — per ISO 12100 (severity × probability × exposure); critical risks block approval.
- Technical documentation — the required set is matched to the machine type and versioned.
- Declarations and substantial modification — EU Declaration of Conformity / Incorporation as PDF; an assessment of when a new conformity assessment is needed.
Audit readiness and a decision trail
Every decision, acknowledgement and document has a date, author and version.
- Compliance pipeline gates — see which stages are cleared and what is blocking placing on the market.
- Immutable audit log — who changed what and when, on every operation.
- Machine and asset register — with versioning that protects historical assessment results.
- XLSX import and export — move data in bulk instead of typing it in by hand.
ISO 27001 / 9001
ISO compliance evidence — automatically
Versioned acknowledgements, a content hash and an audit log instead of paper declarations.
- Versioned repository — a new document version forces automatic re-acknowledgement.
- Acknowledgement records — bind the user, version, timestamp and content hash (SHA-256).
- Audit log and retention — an immutable journal aligned with the forensics policy.
- Assignment templates — documents are assigned automatically by department/role.
ISO registers as standard
A consistent set of ISMS registers with filtering, dictionary legends and change history.
- Risks and corrective actions — a consistent scale and readable code legends.
- Incidents and vulnerabilities — in one place (A.5.24–A.5.28, A.8.8).
- Suppliers and legal compliance — supplier relations, a compliance register, processing activities (GDPR).
- Audits and management reviews — the full improvement cycle (9.2 / 9.3).
Awareness and competence
Training with quizzes, recurrence and readiness before the audit.
- Slide training + quiz — score and completion date as evidence of competence.
- Awareness recurrence — training expires after 12 months and returns to the list.
- Pre-audit to-do — a checklist with a progress bar: zero open items = ready.
- Standard coverage map — what is already covered and where the gaps are.
Workforce processes
Paperless onboarding
A single checklist that assigns policies by itself and generates proof of completion.
- Checklist with evidence — NDA, scope of duties, training, equipment issue, accounts, MFA.
- Automatic acknowledgements — the right set of policies by role/department.
- Equipment issue — linked to the inventory during onboarding.
- “Not applicable” step — with a justification, instead of a fake “done”.
Offboarding under control
Equipment return, account deactivation and exit interview — with hard proof of closure.
- Mandatory equipment return — you see at once what is still outstanding.
- Account and access deactivation — a list of systems, access cards, NDA-on-exit.
- Exit interview and backup — as documented steps.
- Retention and GDPR — pseudonymisation without deleting required evidence.
Equipment and the employee file
One glance: equipment, acknowledgements, training and what is still to do.
- Assigned equipment — serial number, issue date, condition; linked to the asset inventory.
- Employee card — equipment, acknowledgements and training on one screen.
- “To do” signals — overdue acknowledgements, unfinished training, unreturned equipment.
- Consistency with HR — issued during onboarding, mandatory return during offboarding.
Want to see the portal running on your own processes? Get in touch — we will show you how to fit ISO, NIS2 and workforce processes into one auditable place.
Contact Us
Need an app, consultation, or support for your CMMS/EAM maintenance systems?
Frequently asked questions
- How does ISO 27001 compliance differ from NIS2 in the portal?
ISO 27001 is a voluntary information-security management system; NIS2 (the national cybersecurity act) is a legal obligation for selected sectors.
The portal shows a coverage map: most NIS2 measures (Article 21) are already delivered by ISO 27001 controls — and where NIS2 requires something extra (e.g. CSIRT reporting deadlines), it flags the gap to close.
- Does the portal replace paper acknowledgement statements?
Yes. An acknowledgement is confirmed electronically and bound to the user, document version, timestamp and content hash (SHA-256), and everything is written to an immutable audit log.
- Does it support machinery conformity assessment (CE)?
Yes. The portal runs a full pipeline per Regulation (EU) 2023/1230: classification, risk assessment (ISO 12100), technical documentation and generation of the EU Declaration of Conformity / Incorporation.
- Which HR processes does it cover?
Onboarding, offboarding and position change as checklists with owners and due dates, equipment issue and return, and an employee card with a view of acknowledgements and training.
- How is the portal deployed in a company?
Sign-in is based on Microsoft Entra ID (Azure AD), data is kept in Azure, and employees are added deliberately. Contact us — we will tailor the scope of modules to your needs and audit requirements.