FAQ

The DIRSYS solution is a system support for organizations that need to work in a structured way with cybersecurity, IT governance andregulatory compliance. The solution brings together requirements, risks, actions and follow-up in a coherent way of working — and makes it possible to monitor how security work actually works in practice.

Yes. The solution is built to adapt to your reality. With conditionality management, you avoid requirements that do not apply to you and can focus on the right level of security and compliance.

Yes. You can start from existing standards that you adapt or build your own framework. Structure, concepts and help texts can be customized to suit your organization and language.

Yes. Our information and cybersecurity advisors will help you find the right framework based on your maturity level. In addition, we help you establish effective working methods and follow-up in your business.

Policies and policies are only valuable if they are implemented in practice. Therefore, you can supplement your work with automatic checks that verify that the requirements are actually being complied with in your systems.

By linking control plans to your IT environment, settings, permissions and protection are analyzed on an ongoing basis. Deviations are detected automatically — without manual checklists.

Book a demo and we will show you how the frameworks work in practice and how they can be adapted to your particular organization.

DirSys Integrity is our GDPR tool that helps you carry out structured data protection work and comply with GDPR. The product is part of our cybersecurity and regulatory compliance platform.

Here you manage your register list in a simple way, with support for high quality, updating and follow-up over time.

DirSy's GDPR tool makes it possible to make visible an existing register list, document new personal data processing and carry out impact assessments (DPIA). The built-in audit flow makes it easy for Data Protection Officers or the like to review new and modified treatments.

The system is permission-driven, so users only see what's relevant to them, and you can easily filter out the right types of treatments.

In addition, you will be supported in monitoring your GDPR compliance and identifying improvement measures. All with a focus on being easy and efficient to work in.

If you already have a system that you are happy with, that is great! If not, we are happy to help you compare to see if our solution meets your needs better.

In addition, we can easily review your existing register list. You don't have to start over just because you choose a different solution.

The No. If you already have a register list you are happy with, it is easy to import it into our solution.

Yes. DirSys makes it possible to work together with GDPR, information and cybersecurity as well as requirements from, for example, the Cybersecurity Act (NIS2) and ISO/IEC 27002 — in the same solution.

This means that you do not have to work in several different systems or parallel processes. Risks, requirements and actions are interconnected, making it easier to prioritize correctly, avoid duplication and show how your work on data protection and security actually reinforce each other.

Yes. The registry list can be easily exported to Excel, for example in case of supervision or other external audit.

Start by book a demo with us. Then we will review how you work today and what you want to improve.

Once you have decided on DirSys, you are quickly up and running. There is both the possibility to import existing material ourselves or get support from us. We also offer onboarding and training for a safe start.

DirSys Security is our cybersecurity solution that helps organizations work in a structured way with their information security and cybersecurity. With support for risk analysis, action plans and automation, it gives you a clear and simple picture of how secure your organization is and how you comply with applicable legal requirements.

The solution is suitable for organizations that want to work proactively with cybersecurity and information security. It is used by the CISO to run the information security work, the IT manager who wants to raise the organization's cybersecurity, and legal professionals who want to check the organization's legal compliance.

Above all, it suits organizations that want to work simply and pragmatically and be able to control what it looks like for real — not just document it.

The result is control over your information and cyber security - so you can rest assured that you are protected. Both from an organizational as well as a technical perspective. The solution helps you comply with applicable legal requirements and minimize security risks before they occur.

Yes. We offer both the solution as a cloud service with high security requirements, but we can also help you set it up as an On-Prem service.

Yes, it goes along with our GDPR tool. This means that you do not need to document information carriers in several places and you can perform different types of risk analysis in the same interface. A common thread between data protection and cybersecurity!

Start by book a demo with us. Then we will review how you work today and what you want to improve.

At a first demo, we will look at your existing working methods and needs to see if we can help you move forward. Once you have decided to get started, the implementation takes place smoothly with support from us.

GDPR (General Data Protection Regulation) is an EU regulation that has been in force since 25 May 2018. The aim is to protect individuals' personal data and strengthen their rights. The regulation imposes requirements on how organizations collect, store and use personal data — in a legal, fair and transparent manner. GDPR is important because it clarifies both responsibilities and obligations when handling personal data.

To work in a structured and risk-based way with information and cyber security, be able to manage incidents and demonstrate compliance with requirements over time.

The assessment is based on a combination of sector, size, possible exemptions and the organisation's role in vital supply chains, not just industry.

15 January 2026, and many requirements require preparation well in advance — especially around governance, risk analysis and supplier management.

Yes, often indirectly through requirements for security in the supply chain. This is especially true if the supplier supplies IT services or systems to socially important activities.

Organisations need to be able to demonstrate compliance, for example through documentation, risk assessments and follow-up. Deficiencies can lead to injunctions or penalty fees.

The No. The law requires ongoing work, follow-up and improvement. Risks, threats and supplier relationships change over time and must be monitored continuously.

A system support provides overview, structure and traceability, makes it easier to follow up on actions, and clearly shows how the organization works with compliance over time.

No, a DSO does not have to be employed. A DSO should be independent which is why it is even advantageous to hire an external DSO.

The advantage of having an external data protection officer is that you follow best practices and have access to an independent DSO. It will also be a more cost-effective and flexible solution than hiring, training and retaining an employee.

With DirSys DSO as a service, you can customize the scope according to your needs and you get access to a broad portfolio of expertise in data protection, law, information security and IT.

There are requirements for a DSO to be someone who has an independent position in the organization. It can be difficult to be independent if you already have another position in the organization. According to the Privacy Protection Authority, it is inappropriate if the DSO is part of the organization's management or otherwise participates in making overall decisions about the operations.

In order to act as a DSO, one must have knowledge of GDPR, be able to understand the core business and have the ability to disseminate a data protection culture.

The DSO shall report to the management or board of the organisation as a starting point.

The short answer is yes. Also, be sure to notify the appointed DSO to the IMY Privacy Protection Authority.

Cybersecurity is about protecting your organization's information, systems, and services from attack, disruption, and misuse — and being able to handle incidents when they occur.

Whether it's achieving legal compliance, maintaining a good brand, or protecting sensitive data from unauthorized persons, someone is needed to lead and coordinate the overall work on information security. That responsibility usually falls to a CISO. Depending on your level of risk, what legal requirements you are subject to and which customers you do business with, the need varies widely. Some have a need for a full-time CISO, while others need the resource at a certain percentage.

A CISO has the overall responsibility to lead and coordinate the work on information security (and sometimes also cybersecurity). The aim is to create conditions for the organization to become resilient and resistant to cyber attacks and to comply with legislation in the field of information security. The CISO reports to management on status and works to enhance the organization's maturity level and information security culture.

No, a CISO does not have to be employed. The advantage of hiring a CISO is that over time it develops a deep business knowledge. An external CISO gives you flexibility. Both in terms of scope, for those of you who are not in need of a full-time resource, and in terms of how quickly you can get started, since you do not need to recruit.

With an external CISO, you gain the skills, perspective and experience that come with many years of work with information security in different types of organizations. You will gain knowledge of how systematic information security work is built up and established, and that work starts right at start-up. It will also be a more cost-effective and flexible solution than hiring, training and retaining an employee.

The CISO shall report to the management or board of the organization as a starting point.

Our offer is below the direct procurement limit, which means that you can make a direct procurement. If you need to make a procurement, we are involved in most consulting brokerage agreements that are available through national framework agreements. Contact us and we will be happy to help you further.

ISO 27001 is an international standard for how organizations should work systematically with information security. It describes how an information security management system (LIS) should be built, managed and followed up — focusing on risk, responsibility and continuous improvement.

We combine procurement expertise, IT understanding and business perspective.
This means that we not only ensure that the procurement complies with the LOU — but also that you actually get a solution that works in everyday life and can be implemented in your business.

Yes. We support all the way: from needs analysis and market analysis, to requirements specification, evaluation of tenders and introduction of the selected solution. You get a cohesive process instead of many separate efforts.

Often, yes. We can step into ongoing procurements to support with requirements review, evaluation model or dialogue for the next step — depending on where you are in the process.

Through clear structure, balanced requirements and a well-thought-out evaluation model.
We ensure that the requirements are relevant, proportionate and actionable — and that the process is transparent throughout.

Our focus is primarily on the public sector and activities covered by LOU, but we also work with procurement in other regulated environments where structure, transparency and business benefit are crucial.

Start with a first call. Then we look at your situation, where you stand today and what you want to achieve. Next, we suggest how we can best support you. Book a consultation or contact us and we'll take it from there.

The course includes a half-day with all the contents described above and the presentation from the day. In addition, you will have the chance to ask your questions about NIS2. After completing the training, you will receive a certificate that you have completed the training.

Yes, we carry out the training in your solution and adapt it to your way of working.

To get the value out of being able to discuss and ask questions, we recommend a maximum of 10 participants in the courses. If there are more participants than that, we recommend a series of trainings and/or that we carry them out on site with you.

No, no prior knowledge is required. We customize the material according to your level.

We can perform the training both digitally and on site.