Umbraco is a Content Management System (CMS) that allows its users to create customized websites. The platform serves a wide range of customers – from large companies such as DOT and DBU to smaller organizations and web agencies.
“Our customers started asking how we approached NIS2 from the day the directive was announced.”
Mathias Tøndering
IT Responsible at Umbraco
The NIS2 Directive quickly became a big topic at Umbraco – for several reasons.
Over the past few years, Umbraco has experienced massive growth. When Mathias Tøndering started at Umbraco four years ago, there were just 43 employees.
Today, the company has grown to a whopping 135 employees – and as a result, it has surpassed the ‘magic’ threshold: a company like Umbraco is affected by the NIS2 Directive if it has 49 or more full-time employees.
Also, as a provider of a network and information system, a company like Umbraco is crucial to the functioning of a supply chain. Therefore, customers can demand that Umbraco comply with NIS2 requirements.
This means that Umbraco is a company that is both directly and indirectly affected by the NIS2 Directive.
The NIS2 Directive aims to protect critical infrastructure and EU citizens from cyber-attacks. In doing so, NIS2 sets out a series of minimum requirements to strengthen cybersecurity in the EU. These requirements apply generally to companies that are considered essential and important to society, but they can also affect companies indirectly, as essential and important entities must ensure appropriate supply chain security.
Due to growth and increased customer demand, Mathias Tøndering had his hands full with the NIS2 work. Together with the CTO and SRE, he’s responsible for the maintenance and security of the company’s internal systems and for managing user access to them.
Mathias Tøndering’s overview of all systems makes him a key figure in ensuring Umbraco’s adherence to compliance standards and regulations.
That’s why he had no doubt that NIS2 was high on Umbraco’s priority list when the directive came into force. It also accelerated the company’s goal of achieving ISO 27001 certification in the foreseeable future:
“We quickly realized that the NIS2 Directive leaned heavily on ISO certifications. Therefore, it was an obvious opportunity for us to get started with both NIS2 compliance and ISO certifications.”
Mathias Tøndering
When Mathias Tøndering joined Umbraco, manual control of IT systems, suppliers and, to some extent, GDPR was carried out in Excel. The management and Mathias Tøndering wanted to change that.
That’s why Umbraco chose ComplyCloud as their supplier, primarily because of the many customization options they offered.
While other existing solutions limited Umbraco to working with pre-defined IT systems and suppliers, ComplyCloud provided a more flexible approach. This was crucial for Umbraco as they used a wide range of different tools and platforms, all of which needed to be compliant.
In addition, ComplyCloud was a simple tool for managing Umbraco’s GDPR compliance.
“While keeping our IT systems in order, ComplyCloud helped us with GDPR. Everything was put into a flow and system so that tasks were automatically assigned to us. This way, we were certain that everything from simple everyday tasks to documentation was followed up on.”
Mathias Tøndering
In preparation for NIS2, Mathias Tøndering initiated a project to ‘map’ the requirements, the necessary documentation, and so on.
Umbraco had looked at various solutions in the market, but they turned out to be far too complex for Umbraco’s needs.
To Mathias Tøndering’s pleasant surprise, ComplyCloud was ahead of the game and had added NIS2 compliance as a product to the platform.
Therefore, Umbraco chose the obvious: to bring GDPR and NIS2 under one umbrella.
“The systems we were looking at were too technical. We needed an intuitive system that could guide us through NIS2 compliance and tell us in which direction to go – and that’s exactly what ComplyCloud could offer.”
Mathias Tøndering
Initially, Mathias Tøndering spent most of his time in ComplyCloud’s document feature, where he could create NIS2 documents and procedures automatically.
In addition, the overview of suppliers and IT systems has made it easier for Mathias Tøndering to coordinate his efforts and tie up loose ends to ensure a structured approach to NIS2.
“With the document section, we have secured the foundation for Umbraco’s compliance with GDPR and NIS2. As a result, document work has become much easier, as we only need to look at this section when documents need to be renewed. With the annual cycle of work, we get an automatic reminder when it’s time to update.”
Mathias Tøndering
ComplyCloud has not ‘only’ made the preparatory work with NIS2 easier for Mathias Tøndering and his colleagues. It’s also an effective tool for documenting GDPR and NIS2 compliance to customers.
For example, Umbraco had been talking to a major international customer for some time, who requested Umbraco’s compliance procedures and documents.
Fortunately, Mathias Tøndering and the team were able to provide all documents downloaded directly from the ComplyCloud platform – and this was one of the reasons Umbraco signed a contract with the client.
“We signed enterprise customers with annual contracts thanks to ComplyCloud. With their help, we had the documentation in place and could show that we had everything systemized.”
Mathias Tøndering