For organisations operating in critical sectors, the requirements for information security are becoming increasingly extensive. With the introduction of the NIS2 Directive, organisations must be able to document how they manage risks, protect data, and work systematically with security.
At Scanel International, which among other things delivers technical solutions to the energy sector, information security has therefore become a key focus area. To create structure in this work, Scanel International has consolidated their NIS2 activities in NorthGRC.
Martin Engelbrekt Jensen is QHSE & Sustainability Manager at Scanel International and is responsible for the company’s work with quality, environment, occupational health and safety, sustainability, and NIS2.
“I already work with ISO standards within quality, environment and occupational health and safety, all of which require structure and documentation. Therefore, it was natural that I also took responsibility for NIS2,” he explains.
Scanel International already operates in a structured manner in accordance with several standards – including ISO 27001/2 – without necessarily being certified.
“If a major customer one day requires ISO 27001 certification, we’re not far from it. We already work according to the standard.”
As a company operating in a critical sector, Scanel International clearly experiences how regulation influences its approach to information security.
“NIS2 has made us far more structured in our work. We pay much closer attention to what is happening in the world – for example, new cyber-attacks or vulnerabilities in systems,” says Martin.
This knowledge is continuously discussed internally and translated into concrete improvements in the organisation’s security practices.
For Scanel International, NorthGRC serves as the platform that brings together and structures their NIS2 work.
“NorthGRC is a good tool for structuring things – but also for keeping us up to date with what we need to do and when we need to do it,” Martin explains.
In particular, the compliance annual cycle plays an important role in day-to-day management.
“The annual cycle provides a very good overview of the activities and tasks we need to complete. We actively use it to plan our work.”
At Scanel International, the compliance annual cycle is also aligned with the company’s wider planning processes, ensuring that work with information security follows the organisation’s normal workflows.
As the requirements for information security increase, the need for documentation grows as well – both from authorities and from customers.
“The system can generate reports that we can present to our customers. Customer demand increases slightly every year,” Martin explains.
Documentation, therefore, becomes not only an internal discipline but also an important part of the dialogue with customers and partners.
For Scanel International, a significant part of the value lies in the fact that NorthGRC makes it much easier to get started.
“The policies are already there. You simply go in and adapt them to your own organisation,” says Martin.
This means the company does not have to start from scratch when establishing structure, controls and documentation.
“We could probably do it ourselves – but it would require far more resources. NorthGRC makes it easier to keep track of the requirements and work with them systematically.”
He also highlights support as an important part of the experience.
“The support team is quick to provide feedback, and it is reassuring to know that help is always available.”
At Scanel International, the work with NIS2 is not placed within a single function, but anchored in collaboration between compliance and IT.
Martin drives the structure, documentation, and follow-up, while the IT department handles the technical implementation. With NorthGRC as the shared framework, Scanel International can coordinate its work and ensure the organisation stays continuously up to date with requirements.
“It gives us a system where we can bring everything together and stay up to date. It makes the work far more manageable.”
With NorthGRC, you gain a clear overview of requirements, controls and documentation – making it easier to manage security in a structured way.
Experience NorthGRC for yourself. Book a demo today.