Built for regulated organizations

NetDefiner — make regulations executable in your real IT environment

From requirements -> controls -> evidence -> a clear status view. NetDefiner helps organizations working against NIS2, GDPR and ISO requirements move from text and documents to verifiable compliance in operations. We connect technical measurement points, targeted forms for the right roles and traceable evidence—so you can show status quickly and work systematically with gaps and actions.

Register interest for the pilotBook a demo
Windows, Linux, macOSOn-premises by defaultSupports isolated zonesRole-based reportingTraceable evidence chain

Why this is hard today

When requirements rise, compliance becomes an IT issue

  • Requirements are interpreted in documents - but must be proven in real systems
  • Evidence becomes scattered (logs, systems, spreadsheets, consultant reports)
  • Hard to answer fast: "Where do we stand right now - and what matters most?"
  • Changes often mean the work starts over

NetDefiner is built to make this continuous, traceable and updatable as your environment changes.

What NetDefiner is

NetDefiner = an evidence engine for cybersecurity and compliance

NetDefiner is not another document tool. It is an engine that makes requirements executable by connecting them to:

  • Controls and measurement points

    Clarifies what must be in place, how it is measured, and what needs follow-up.

  • Technical collection

    Automatic collection where possible, close to your environment, with clear limits on what is gathered.

  • Human confirmations

    Through role-based forms when responsibility, exceptions, and decisions need confirmation.

  • A unified status view

    Brings gaps, actions, and traceability into one view that shows status over time.

On-premises by default: NetDefiner runs inside the customer environment. The customer chooses scope and what is shared - nothing leaves the environment without explicit consent.

Regulatory modules

Modules tied to the regulations - not isolated features

NetDefiner delivers the operating model around the requirements. Everything is tied to evidence and accountability.

  • Incident management

    Structure, ownership, timeline, decision trail and post-incident review tied to requirements.

  • Training per role

    Right training for the right responsibility - with traceable completion.

  • Role-based reporting

    Leadership, CISO/compliance, IT and system owners each get a view of the same truth.

  • Digital procedure descriptions

    "How we do it" tied to controls, evidence requirements and follow-up.

  • System inventory

    Living register with ownership, classification, dependencies and status.

  • Assessments

    Risk, impact, exceptions and risk acceptance - trackable over time.

How it works

How it works in practice

Five steps that make compliance practical in day-to-day operations. When something changes, it moves from assessment and decision to action and verified evidence.

  1. Inventory & classification

    We build a baseline from automated collection and digital classification of systems and data.

  2. Risk & gaps

    Gaps become clear, are prioritized by classification, and get clear owners.

  3. Action plan

    You get an actionable plan with responsibility, next steps, and what it takes to count as complete.

  4. Execute & verify

    NetDefiner verifies that actions have effect and gathers sign-offs where needed.

  5. Continuous monitoring & reporting

    When something changes, the right workflow is triggered and reports update so status stays current.

Information scope

What information NetDefiner can work with

NetDefiner builds evidence from how your systems actually operate - how applications communicate, the protection level, what changes over time and where information resides.

When collection detects a change that can affect compliance, NetDefiner automatically triggers the right flow: assessment, decision, action and verification - with traceability.

Digital forms complement the technical side with what the law requires people to confirm: classification, ownership, exceptions, risk acceptance, continuity requirements, incident assessments and sign-offs.

  • How applications and systems communicate with the outside world - and when it changes.
  • A current view of devices and systems - and how they connect.
  • What is installed and whether it meets the required update level.
  • Whether baseline protection is active and if the protection level degrades.
  • Events and logs - summarized in plain language, not raw data.
  • What runs in the background and whether operational behavior changes.
  • Where data lives, who has access and how recovery capability looks.

What you get immediately

Right view for the right role - without parallel truths

  • Leadership

    Status, risk, priorities, and traceability at a level you can steer by.

  • CISO/Compliance

    Controls, evidence, and audit material ready for review and follow-up.

  • System owners/IT

    Concrete gaps and action lists per system, with owners, status, and next steps.

  • Evidence pack

    Structured, reusable, and updatable over time, with history for audit.

Regulated environments

Designed for regulated and sensitive environments

NetDefiner is built for the reality of the public sector and other regulated operations:

  • Close to your environment

    Runs on site with agent-based collection near systems and data for Windows, Linux, and macOS.

  • Controlled data collection

    Minimal collection focused on evidence, with clear limits on what is gathered.

  • Traceability at every step

    Who did what, when, and on what basis - ready for review.

  • Support for isolated zones

    Works in segmented networks and high-security environments.

Use cases

Examples of how NetDefiner is used

NIS2 readiness

Controls -> gaps -> actions -> evidence, so readiness can be tracked and demonstrated.

Audit

Show status quickly and export structured material that stands up to external review.

Change

A new platform or update immediately produces an updated status view and new evidence.

Incident

Quick overview of status, ownership, and decision trails to act early and correctly.

System inventory and classification

A living register with ownership, dependencies, classification and follow-up.

Training per role

Right knowledge for the right responsibility - traceable and linked to your procedures and controls.

Next steps

How to move forward

A short, practical path to your first status view.

  1. Short needs workshop

    Goals, scope, and roles - we define what must be proven first.

  2. Choose the first package

    Define the minimum evidence level and which framework to prioritize.

  3. Start collection + forms

    The first status view is built with technical collection and targeted questions.

  4. Prioritized action plan

    Action plan and an updatable evidence base that can be followed over time.

Stop chasing evidence after the fact. Make compliance a repeatable way of working in operations.

Ready to make NIS2 practical?

Tell us which systems and environments you want to start with, and we will show an approach that quickly gives current state, accountability and a clear action plan.

Register interest for the pilotBook a demo