For Unik, compliance is closely linked to trust. As a provider of business-critical IT solutions to customers who depend on stable operations and secure handling of data, the company faces high requirements for documentation, governance and transparency – both internally and externally.
When Unik chose NorthGRC as their GRC platform in 2023, the objective was clear: to bring all compliance activities together in one place and establish a structure that could scale alongside the organisation’s development.
Nadja Toft Kongstedt is Group Legal Counsel and Compliance Specialist at Unik. She is responsible for ensuring that the group operates in accordance with relevant legislation and internal policies – particularly within IT security and GDPR. At the same time, she works closely with senior management on contracts and compliance in customer dialogue.
“We deliver IT solutions that our customers consider business-critical. That’s why trust and stability are absolutely essential,” Nadja explains. “It requires our compliance work to be highly structured and transparent.”
For Unik, compliance is not only about internal processes, but also about demonstrating accountability to customers and partners.
“We must always be able to show how we protect data, manage risks and ensure stable operations – across the entire organisation.”
Unik actively works with both ISAE 3402 and ISAE 3000 statements, which are used directly in dialogue with customers.
“These statements help demonstrate that our compliance work is structured and transparent,” says Nadja. “They are an important part of the trust our customers expect from us.”
NorthGRC has been a central tool in managing these statements.
“We simply wouldn’t be able to complete the work without the tools available in the platform. The key factor for us is having everything gathered in one place.”
Unik operates with a hybrid compliance model, where individual departments document their work according to defined requirements, while Nadja has the overall responsibility for consolidating documentation, following up and ensuring alignment.
“When you have several departments, it’s crucial that documentation and follow-up are gathered in one place,” she explains. “I need to be able to continually check whether they are doing what they are supposed to – and this is exactly where NorthGRC makes a real difference.”
By centralising compliance activities in a single platform, Unik has established a process that is both structured and transparent – even when multiple entities are involved.
Interest in NorthGRC’s enterprise setup emerged alongside Unik’s strategic development. Following the acquisition of a Swedish company, Unik now operates as a group with several independent entities – and plans for further expansion.
“We have realised that the individual companies may have different compliance needs,” says Nadja. “There may be differences in maturity and national requirements that we need to manage.”
This is where the enterprise functionality became essential.
“The ability to gain a consolidated overview of the individual companies – while still being able to work flexibly at company level – fits perfectly with the journey we are on.”
Nadja is also responsible for expanding the compliance work across other countries.
“It’s an exciting task, and the enterprise setup gives us the framework needed to create oversight and governance – while still allowing us to accommodate different needs across companies.”
In day-to-day operations, the annual cycle and the risk management module are particularly indispensable.
“The risk management module is something we simply cannot do without,” says Nadja.
She uses both NorthGRC’s templates and internal documents, depending on the need.
“When we have started from scratch – for example with contingency plans – the templates have been a great help. They provide a framework for the considerations we need to make, combined with external guidelines.”
At the same time, she highlights the platform’s flexibility.
“We can also use our own templates and upload them directly. The flexibility of the platform is enormous, and it can be adapted precisely to the needs you have.”
For Nadja, it is not only the functionality that creates confidence, but also the way NorthGRC develops the platform.
“I feel that you are very good at understanding our needs and developing the platform accordingly,” she says. “We are listened to, and several times I’ve experienced that a request was already in the pipeline before I even mentioned it.”
This creates a sense of being ahead of the curve.
“I feel very confident that when we have a need, you are either already ahead of it – or we are being heard.”
The support function also plays an important role.
“An IT solution never comes without technical challenges. That’s why good support is essential – and you provide that,” says Nadja.
She particularly highlights the speed, proactivity and willingness to go into depth.
“They are fast, solution-oriented and happy to arrange meetings where we review things together. It’s a support function worth mentioning.”
For Unik, NorthGRC means that compliance and documentation are centralised, structured and ready to support a growing organisation.
“It provides peace of mind and a clear overview to have everything in one place,” Nadja concludes. “And it gives us a foundation that can grow with us as we continue to develop as a group.”
If you want the same level of structure, transparency and scalability that Unik has achieved, we would be happy to show you how NorthGRC can support your organisation.
Book a personal demo and see how you can centralise compliance, strengthen governance and gain a clear overview across your organisation.