See also the information aimed at businesses in general here.
For larger companies, groups of companies and corporations, the Management System.se basically provides the same functionality as is the case for SMEs. Requirements and processes can be identified and documented, information and personal data processing inventoried, risks that jeopardize business objectives managed and the tool provides tangible support to meet the requirements of already existing frameworks and standards.
Through the management system.se’s partner portal, a larger business is given the opportunity to centrally coordinate and publish requirement sources and law lists, publish common governing documents in close connection with processes that depend on them, and assist the activities in the corporate group or group with common automated risk templates.
The partner portal is provided as an opportunity for those who have a connection to at least two regular licenses for ledningssystemet.se, for example by having two companies in a group of companies that each use their own license. The partner portal is then provided as a cloud service according to our general conditionsand at no cost.
Visit the page For consultants for more information about the partner portal and how it can be used together with the customer instances. The same functionality that a consultant can provide to its clients, a group can provide to its group companies.
Compliance and certification
The requirements for larger companies, groups of companies and groups of companies are increasing as these types of companies become subject to clearer and clearer regulations. This applies not least to regulations on sustainability (CSRD, Corporate Sustainability Reporting Directive), regulations for businesses operating in the financial sector or as suppliers to it (DORA, Digital Resilience Act), regulations for businesses where information security is deemed to be of particular importance (NIS2, Network and Information Systems Directive 2) and regulations for critical operators (CER, Directive on the Resilience of Critical Entities). For Sweden, some of these regulations will be governed by the forthcoming Cyber Security Act and some regulations will be incorporated through the harmonization of other legislation.
In addition to the above, organizations that are affected by the Swedish Security Protection Act, either as an operator or as a supplier that has entered into a security protection agreement or security protection agreement, need to ensure that they can meet the requirements imposed on the organization by the legislation as such and by the organizations for which they may be acting.
Through the management system.se, the larger company, group of companies or group can collect the requirements in their own or common lists and, based on these identified requirements, carry out reconciliations in the form of compliance evaluations. Identified observations are collected in the list of non-conformities and observations and can then be addressed through immediate actions, root cause analysis and planning of preventive measures to ensure that a given deficiency does not occur again.
Based on the identified requirements, a statement of applicability can be generated (from all sources of requirements), internal audits can be performed by internal or external resources and, in case of external audits, the organization can easily provide reporting documentation by temporarily inviting the auditor to the tool, instead of creating endless amounts of reporting documents based on information that is routinely managed elsewhere.
For organizations with real requirements regarding information security and where senior management has an explicit responsibility for the organization’s risk management (as is the case in, for example, NIS2, DORA and the Swedish Security Protection Act), the tool provides good conditions for systematically managing the organization’s risk work and the tool’s risk management module provides sufficient systematic and overview for the risk picture to be known to senior management and the management can thus in practice recognize and take the responsibility imposed on the organization’s representatives through the regulations.
Even organizations that do not have the explicit requirements of the regulations on them will benefit from the opportunity for systematics, control and monitoring that the tool provides; not least based on the fact that risks identified reasonably jeopardize the organization’s ability to achieve its goals.
