Move from spreadsheets and ad-hoc approvals to a controlled lifecycle for every identity — employees, contractors and machine accounts — with documented ownership, least privilege and periodic review.

• Automated Joiner / Mover / Leaver across HR, AD / Entra ID and business systems, with role models combining RBAC, ABAC, PBAC and DAC and role mining via IdentityMap.
• A new risk register that links every risk directly to processes, systems, suppliers, contracts, incidents and follow-up actions — a living risk picture, not a once-a-year spreadsheet.
• Function and process register with Business Impact Analysis (BIA), criticality, RTO and RPO per process, and DORA-licensed activity mapping.
• Periodic access reviews, exception reports (intended vs actual access) and four-eyes approvals with full audit trail.
• PoPS — a structured decision process for risk-assessing changes to products, organisation, processes and systems before they go live.

A structured workflow from first signal to final report — with the DORA classification criteria built in, so you can tell quickly whether an incident is reportable to Finanstilsynet.

• Structured ICT-incident register with severity, root cause, owner and full timeline — also handles fraud, AML alerts and customer complaints in the same workflow.
• Built-in DORA classification (clients affected, downtime, data losses, geographical spread, criticality, reputational and economic impact) with automatic alert when reporting thresholds are crossed.
• Guided reporting flow: 4-hour initial notification → 72-hour status report → final report within one month, with reminders and management escalation.
• Direct submission to Finanstilsynet via Altinn integration, so the same case both runs the response and produces the regulatory report.
• Every incident links to corrective actions in the Measures Database and to the systems, suppliers and processes affected — no separate Excel for follow-up.

A live register of your ICT third-party arrangements — not a once-a-year spreadsheet. Built to produce the Register of Information (RoI) in the format Finanstilsynet expects.

• Live Register of Information with business functions, ICT services, providers, subcontractors and data flows — full traceability from data element to responsible function.
• Full, partial and annual RoI reports generated in xBRL-CSV — packaged as a ZIP file ready for Finanstilsynet, with direct submission of new ICT agreements via the KRT-1121 form in Altinn.
• AI-assisted, continuous supplier monitoring of public sources — Brønnøysund announcements, eInnsyn orders, news and Transparency Act information — that reopens vendor assessments when the risk picture changes.
• Contract register with renewal reminders, exit plans, SLA / KPI follow-up and reports on suppliers without contract, audit or up-to-date assessment.
• Concentration-risk visualisation across subcontractors so you can see — not just describe — your critical dependencies.

Daily operational work — approvals, reviews, incidents, supplier follow-up — generates the trail an auditor or Finanstilsynet supervisor will ask for. No separate evidence project.

• Control database where controls are linked to risks, incidents and regulatory requirements — execution and results documented, with dashboards and alerts to management.
• Measures Database that ties findings from audits, ICT incidents and supervisory letters to a named owner, deadline and status — with pattern analysis to spot recurring problem areas.
• Annual ICT risk report for the board, consolidated automatically from risk assessments, incidents, actions, suppliers and controls — one source of truth, not a manual exercise.
• Local and global dashboards across services and tenants, with data available via API and export to Power BI for the analytics platform you already use.
• Full audit trail with attachments and history on every change, plus export to PDF, PNG and PowerPoint for board reporting and supervisory dialogue.