NIS2 took effect in 2024

Your customers' customers will ask about your information security

Large enterprises covered by NIS2 push requirements down the chain. ISO 27001 certification becomes the door opener. AmpliFlow gives you the tools to build your information security program — structured and traceable.

Book a demo See Annex A controls

93 Annex A controls

4 Control themes

1 Platform

0 Silos

Companies building information security with AmpliFlow

Why now

Regulatory pressure is increasing — on you

It's no longer enough to "have good practices." Your customers, their customers, and regulators want to see documentation.

NIS2

Your customers' customers will ask

NIS2 extends requirements to the entire supply chain. Large enterprises covered by the directive will require their suppliers to demonstrate information security practices.

DORA

Financial sector raises the bar

The Digital Operational Resilience Act creates new requirements for financial sector suppliers. If you provide IT services to banks or insurers, you're directly affected.

ISO 27001

Certification as a door opener

More and more procurement processes require ISO 27001 certification or equivalent. Without documented security practices, you lose business opportunities.

ISO 27001:2022

93 controls. One platform.

ISO 27001 Annex A contains 93 controls divided into four themes. In AmpliFlow, you structure the work around the controls using existing tools — risk analysis, document control, and improvement management.

Annex A — 93 controls

Click a category to see the controls. AmpliFlow has no built-in Annex A feature — but with Custom Lists you can create your own control register, linked to risks and actions.

Organizational controls

0/37 (0%)

People controls

0/8 (0%)

Physical controls

0/14 (0%)

Technological controls

0/34 (0%)

0%total controls

0/93controls

4themes

The Solution

Existing tools, new use case

You use the same tools as for quality, environment, and occupational health — same risk analysis, same document control, same improvement management. One system, not separate silos.

Risk analysis for information security

Identify threats and vulnerabilities with operational risk analysis. Assess likelihood and consequence, connect actions, and track how the risk landscape changes over time.

Policies and procedures with document control

Publish security policies, procedures, and work instructions with version management and approval workflows. Everyone knows where the current version lives.

Incident handling through improvements

Report security incidents through improvement management. Conduct investigations, root cause analysis, and follow up corrective actions — all traceable.

Stakeholders and legal linkage

Connect stakeholders to ISO 27001. Document their information security requirements and link to relevant legislation like GDPR and NIS2 via the legal requirements register.

Connected system

Information security connects to everything else

In AmpliFlow, information security shares the same risk register, document control, and improvement management as quality and environment. That's the whole point.

Risk Analysis Policies Incidents Stakeholders Legal Reqs

Scenario

Next time the auditor asks...

"Show me how you identified your information security risks, which controls you implemented, and how you follow up on incidents."

With AmpliFlow, you open the risk register, show linked policies, and pull up the incident log. Same tools, one unified view. No panic, no outdated Excel sheets.

FAQ

Questions about information security in AmpliFlow

Is there a dedicated module for information security?

AmpliFlow uses the same tools as for other quality work — risk analysis, document control, improvement management, and stakeholder management. This gives you an integrated ISMS without duplicate effort and silos.

How do we handle the Annex A controls?

You structure Annex A work using risk analysis for threat assessment, document control for policies and procedures, and improvement management for incidents. Create your Statement of Applicability (SoA) as a controlled document.

Can we manage NIS2 requirements in AmpliFlow?

Yes. Register NIS2 and related regulations in the legal requirements register. Assess applicability, connect to stakeholders, and track how you comply. Same register as for GDPR and other laws.

How do we report security incidents?

Use improvement management — the same tool as for deviations and improvement suggestions. You can conduct investigations with root cause analysis and follow up corrective actions with responsible person and target date.

Can we integrate information security with our existing quality work?

Absolutely — that's the whole point. Since AmpliFlow handles all management systems on the same platform, you can combine ISO 27001 with ISO 9001, 14001, or 45001 without creating separate systems.

Get started

Build your information security program

Book a demo and we'll show you how to use AmpliFlow to meet NIS2 and ISO 27001 requirements — with the tools you already have.

Kontakta AmpliFlow

Har du frågor om AmpliFlow eller vill boka en demo? Vi hjälper dig gärna att komma igång med kvalitets- och verksamhetsstyrning.

Kontaktuppgifter

Företag: Cognit Consulting AB
E-post: info@ampliflow.com
Adress: Varholmsgatan 2a, 414 74 Göteborg, Sverige

Hur kan vi hjälpa dig?

Boka demo - Se AmpliFlow i praktiken och ställ frågor
Få offert - Skräddarsydd prissättning för din organisation
Teknisk support - Hjälp med befintlig implementation
Partnerskap - Samarbetsmöjligheter för konsulter

Skicka e-post till info@ampliflow.com så återkommer vi inom 24 timmar.

Kontakta oss

Fyll i formuläret så återkommer vi inom 24 timmar. Du kan också nå oss på info@ampliflow.com.