The Cybersecurity Management Platform
Brind is a SaaS platform for cybersecurity professionals to transparently manage their organisation's and electronical information systems' securty controls, operate the Information Security Management System and assist in various (not only NIS2) audits.
Who is it for?
SMEs
Base Package
Are you solely responsible for NIS2? The cybersecurity is a new challenge at your organisation? Don't worry, we can help! Cybersecurity was not a priority for a significant proportion of organisations, but NIS2 has brought the issue to the fore. If you're a (C)ISO on your own and lack the resources, Brind is a great choice because
-
it gives you a framework and guides your work,
-
connect you with potential suppliers,
-
easy to engage external consultants,
-
helps you during the audit.
Corporates, company groups
Corp Package
Do you manage several organisations , which may be located in several countries? We can help you! If you are at a higher cybersecurity maturity level or if you are part of a group of companies and want to jointly manage the work of its member companies, we offer the following functions:
-
treat several organisations at the same time, completely separate from each other,
-
hierarchical rights management for IBFs/CISOs of parent and subsidiaries,
-
teamwork.
Each country implements NIS2 differently in its own legal system. Brind was set up to support compliance in all EU Member States. To achieve this, we are continuously working to support each country's local requirements with specific functionality. In this way we also want to support, for instance, the work of international companies to manage compliance in one platform.
This is an ongoing work, to which the Brind community contributes a lot. Become one of our volunteers (Member State Hero) and help us create specific features for your country.
Member State specific
NIS2 functions
Implemented
Ongoing
Soon
Supported cybersecurity frameworks
Brind's operations were established by NIS2, so our primary goal is to implement the set of requirements expected in each Member State and to enable our clients to meet this set of expectations.
Within the platform, you can create your own requirements system, alongside the frameworks defined by specific legislation, to capture, manage and measure the requirements of your organisation, as well as those of your supply chain. In addition, you can map these against your own (or your suppliers') regulatory requirements, further reducing the compliance and audit administration burden.
We aim to implement as many international frameworks as possible. NIST 800-53 rev. 5 will be followed by the implementation of the ISO 27001:2022 framework. If you need to implement any other framework, please contact us via the website.
Benefits through features
Manage
Developing an ISMS for your organisation is not a one-time task. It must be continuously evolving based on business needs, threats and the current state of cybersecurity maturity. The Brind platform helps you to operate cybersecurity based on a given framework(s) as a compass. In addition, the different subsidiaries can even be monitored in one place by the person with the appropriate permissions.
Controls
The Platform works on the basis of the cybersecurity control sets defined in each framework, expected by Member States because of NIS2 or defined by your organisation. Whether it is the requirements of your organisation or its IT, OT and cloud systems. Furthermore, they can be mapped together. Keep track of what's already complied with, what's in progress, what's missing or what might not be relevant. In addition, you can upload evidence at multiple levels for easy management.
Analysis
Not only the control can be found in the platform. Where possible, we also implement the corresponding formal proposed implementation. You can use these to assign a risk to security measures and determine their maturity in terms of people, process and technology. You can prioritise what is important from a business, cyber security and IT perspective to prepare development decisions. In addition, the built-in SWOT analysis functionality provides additional opportunities for planned improvement to support business needs.
Action Plan
In most cases, it is not a case of an organisation complying with all the checkpoints of a specific framework, letter by letter. In many cases this is an unrealistic expectation and goes against business interests and common sense. This is why we have created the Action Plan feature, which is a best practice (and often an expectation) for risk-based, planned cybersecurity development.
Supply Chain
The most recent frameworks and legislation, including NIS2, address supply chain risk as a priority. With Brind, you can easily define the security requirements for your electronic information systems developed and operated by external companies. You can easily collect the information and related evidence that is relevant to compliance and business interests. You can analyse these, assign risks to them and, if required, make them available to the auditor with just a few clicks.
Efficiency
Compliance is often a very administrative task. That's why we want to help our users with as many features as possible, to minimise the time and effort involved. That's why we have created the Magic Note function and various short cuts to help you easily structure the content of your previous assessment (and other) material. Due to the fact that in many cases the internal cybersecurity professionals work in teams and/or with the help of external consultants, we have built in several collaboration features to increase the efficiency of the work. Most importantly, you have control over your sensitive data.
Audit support
Like all compliance, in the case of NIS2, someone is checking that we are making the right progress in developing our cybersecurity maturity. These have been implemented in different models in different Member States. Some authorities do them under their own jurisdiction and with their own resources, others in cooperation with external private companies. There are also some countries where the audit activity is completely outsourced to third parties. To serve these models, we carry out various specific function developments where we are able to do so under the legislation and based on the needs of our clients.
Soon
SaaS and on-prem
Future feature. The platform is currently available as a pure SaaS solution. However, in the near future, we plan to make available a mechanism that will allow our customers to protect on their own infrastructure the sensitive information and evidence stored in Brind. By choosing this option, if someone does not reach the internal network (personal presence, VPN), only a blank management interface is visible from outside.
Resource Plan
Future feature. What is the first question an executive or board member asks when faced with an expectation such as the NIS2? How much will it cost? But it's also important for a responsible CISO to see how many resources are required to run the current operation and how much more budget, manpower and time is needed to evolve. We are working to give our customers an easy-to-use resource management function that relies on all the data managed in the system.
Soon
Marketplace
You are given a platform in which you have done a lot of work to identify the gaps that are missing to develop cybersecurity maturity and NIS2 compliance. Moreover, these can typically be addressed in different ways. For example, you may need to regulate and/or design, test, implement, operate, develop a technology control. Brind Marketplace makes your job easier. Select the controls you want to develop and find the vendors and service providers who are best placed to fill your gaps.