Compliance
Practical analysis of ISO 27001, NIS2, and DORA, the way we deliver them to Nordic organisations.
The CRA is an EU law that ties cybersecurity rules to CE marking, so a product with digital elements cannot enter the EU market without it.
An ISO 27001 Lead Implementer builds your ISMS; a Lead Auditor checks it. Hire the wrong role and your certification project stalls.
How leadership teams move from compliance uncertainty to documented control, evidence that holds up under investor, customer, or regulatory due diligence.
SOC 2 can win you a US deal or burn six figures you did not need. Here is how to tell which, and how it fits ISO 27001.
A US prospect asks for your SOC 2 Type 2 report, you do not have one, and the deal stalls. Here is what it is and the decision it forces.
If Norway counts your firm as critical, you have had legal digital-security duties since October 2025, and most boards have not noticed.
Buyers increasingly require ISO 27001 certification to even let you bid, so missing it quietly drops you from shortlists you would have won.
A practical ISO 27001 checklist that takes a Norwegian small or mid-size business from "we should get certified" to a Stage 2 audit.
A ten-step DORA checklist for Norwegian banks, insurers, payment firms and asset managers, with Finanstilsynet deadlines and what to do this quarter.
A leader-facing NIS2 checklist for Norwegian SMBs: the scope self-test, who owns what, the reporting clock, what to budget, and the board questions to ask.
NIS2 obligations flow down through contracts, so you can be asked to prove security maturity even before the rule reaches Norwegian law.
Practical compliance steps for the new EU directive: what to do this quarter, and what can wait.