At Berigo, we have been privileged to be a part of the conversation and a consultative partner to NVE in their recent investigation into the use of Microsoft Compliance Manager for compliance with the Kraftberedskapsforskriften (Power Preparedness Regulation). This regulation is crucial for securing digital information systems in the energy sector.
The report, titled “Investigation of Compliance Manager for use with the Power Preparedness Regulation” (NVE Report 16/2023), explores the potential of Microsoft Compliance Manager as a tool for assessing compliance with the requirements of the Kraftberedskapsforskriften. The report covers topics such as revision, control, ICT security, and cyber security.
One of the key findings of the report is that while Microsoft Compliance Manager is a powerful tool for manual work, it falls short in terms of automation. The system’s clear and visual interface, along with its point-based improvement actions, makes it easy for users to understand what needs to be done and what should be prioritized in their compliance work. However, the lack of automation for compliance checks and updates in custom templates is a limitation.
The report suggests that organizations could use a combination of Compliance Manager and Excel or Power BI to handle the automation aspect. This would involve creating an assessment in Compliance Manager with a template similar to NSM-GP, relying on whatever that template can automate, and then exporting the improvement actions that have been completed. The automatically handled ISO points could then be linked to the corresponding actions from NSM-GP, creating an overview of how much of NSM-GP, and thus the Kraftberedskapsforskriften, has been handled automatically.
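The linking step described above can be sketched in a few lines of Python. This is an added example, not code from the NVE report or from Berigo; the CSV column names, the control and measure IDs, and the crosswalk are all constructed placeholders, not the real Compliance Manager export schema or a real ISO to NSM-GP mapping.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export of improvement actions (assumed column names).
EXPORT_CSV = """control_id,action,status,test_source
ISO-A,Require MFA for admins,Passed,Automatic
ISO-A,Require MFA for users,Passed,Automatic
ISO-B,Review access rights,Passed,Manual
ISO-C,Encrypt data at rest,Passed,Automatic
ISO-C,Encrypt backups,Failed,Automatic
ISO-D,Enable audit logging,Passed,Automatic
"""

# Constructed crosswalk: NSM-GP measure -> ISO points that together cover it.
CROSSWALK = {
    "GP-1": ["ISO-A"],
    "GP-2": ["ISO-A", "ISO-D"],
    "GP-3": ["ISO-B"],
    "GP-4": ["ISO-C", "ISO-D"],
    "GP-5": [],  # no ISO equivalent, so it can never be handled automatically
}

def automated_controls(csv_text):
    """ISO points whose improvement actions ALL passed an automatic test."""
    by_control = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        ok = (row["status"].strip().lower() == "passed"
              and row["test_source"].strip().lower() == "automatic")
        by_control[row["control_id"].strip()].append(ok)
    return {c for c, oks in by_control.items() if all(oks)}

def classify(crosswalk, automated):
    """Label each NSM-GP measure as automatic, partial or manual."""
    result = {}
    for measure, controls in crosswalk.items():
        hits = [c in automated for c in controls]
        if controls and all(hits):
            result[measure] = "automatic"
        elif any(hits):
            result[measure] = "partial"
        else:
            result[measure] = "manual"
    return result

def automatic_share(result):
    """Fraction of NSM-GP measures that are fully handled automatically."""
    return sum(v == "automatic" for v in result.values()) / len(result)

if __name__ == "__main__":
    overview = classify(CROSSWALK, automated_controls(EXPORT_CSV))
    for measure, state in overview.items():
        print(measure, state)
    print(f"automatic share: {automatic_share(overview):.0%}")
```

Measures that come out as partial or manual are the ones that still need manual follow-up in Compliance Manager or in the Excel or Power BI overview.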
At Berigo, we understand the importance of these findings. As experts in cybersecurity, we are well-equipped to assist organizations in navigating the complexities of compliance with regulations such as the Kraftberedskapsforskriften. We can help organizations understand the capabilities and limitations of tools like Microsoft Compliance Manager, and develop strategies for effective compliance management.
We are committed to continually working to understand digital risk as it relates to the day-to-day operations of any organization. Our expertise in ISO, NIST, and other frameworks, coupled with our experience working with organizations where operational downtime is not an option, makes us a reliable partner in the field of cybersecurity.
For more information on how we can assist your organization in its cybersecurity and compliance efforts, please feel free to contact us.