Experis Secure

Experis Secure consists of various security services specially developed for managers and employees in small and medium-sized companies. Our security services help you deal with digital risk, and you get concrete measures against the most common threats.

Experis Secure Foundation365

Are you a leader of a small or medium-sized business, and are concerned about good digital security, but do not quite know where to start?


Experis Secure Foundation365 is tailored to your company. We make security easy for you and ensure that you can manage the digital security area while becoming more resilient to the most common threats.


Experis Secure Foundation365 consists of six modules that are an annual safety and maturity evaluation of the company, with tailored recommendations to management, protection against attacks via e-mail, an e-learning program and regular safety tips for all employees.


Content of the service:

  • Condition measurement
  • Email protection
  • E-learning course
  • Safety tips
  • Phishing simulation
  • Security Advisor


We help you with digital security, so you can concentrate on your business.


Read more about Experis Secure Foundation365 here.

Experis Secure Management

A modularized framework for management and governance of cyber security, based on national and international standards, including NSM's basic principles for ICT security, ISO 27001 and ISO 31000. The management system is suitable for all types of companies and sizes.


Experis has developed a framework of Experis Secure Management (ESM) for information security based on national and international standards.


Experis Secure Management is a framework for how information security should be managed and followed up in the company. The management system is based on national and international standards, including NSM's basic principles for ICT security, ISO 27001 and ISO 31000.


The management system is suitable for all types of businesses of all sizes. The management system consists of a set of templates for demanding documents and procedures, and documentation that the management system is operational and is complied with. The management system also contains simple tools, including risk management.


The management system is flexible and can be adapted to the company's individual needs. How comprehensive the management system should be depends on the company's size and complexity, external requirements that must be complied with and the company's own ambition for information security.


 The control system consists of three main elements: 


1. Management documents necessary to define the requirements for the business.

2. Main processes that are necessary to operationalize the key parts of the requirements.

3. Tools and templates to simplify the implementation of the processes and be able to ensure documentation that the processes have been complied with.


The management system is structured as modules, so that the company can easily work with the areas that are important. The modules are designed as templates, where most of the content has already been written. The implementation is then about adapting the documents to the company. It saves time and money. You choose whether you want to adapt the management system yourself, or whether we will assist you with this

Experis Secure Culture

Helps your business detect vulnerabilities in IT systems. These can be, for example, security issues and misconfigurations that can cause vulnerabilities in the company's critical systems.


Security culture is the attitudes, knowledge, skills and behavior that the people in the organization have and that protect the company's values against digital messes.


A comprehensive security program will ensure that employees have the right knowledge, skills and attitudes to be able to protect the company's digital values against attacks. Educating and training employees in digital security is mandatory for many companies, but do you evaluate the impact of these measures?


We offer a proven method for mapping the digital security culture in your business. The survey helps you to document the current situation and to set goals for future safety work.


A regular review of the survey will provide you with useful management information to help you evaluate completed training and awareness-raising campaigns.


Experis Secure Culture


This is what our report on safety culture can do for you:

  • Give you a better understanding of the strengths and weaknesses of your organization
  • Help you identify the areas you need to work on to develop the safety culture you want
  • Put yourself in a better position to be able to set goals for the safety work, and to know when you have reached the goals


We help you send a digital questionnaire to your employees. The survey has 30 questions, and you can customize the survey by adding five questions specific to your business. The survey is available in Norwegian, Swedish and English.


The report provides valuable insight into the following areas:

  • Attitudes towards digitization and digital security
  • Trust and perception of risk
  • Leadership and control
  • Behavioral patterns
  • Competence, learning and interest
Experis Secure Scan

Helps your business detect vulnerabilities in IT systems. These can be security issues and misconfigurations that can cause vulnerabilities in the company's critical systems.


The benefits of Experis Secure Scan

  • Identify potential safety issues, before full penetration testing
  • Prioritization of security challenges
  • Targeted reduction of vulnerabilities
  • Need for formal reporting to managers
  • Satisfy the need for external / third party security review
  • A compliance mandate: PCI, HIPAA and ISO 27001
  • A continuous process provides a high level of insight into the security situation


Experis Secure Scan consists of 4 phases:

1. Identification of IT assets

2. Vulnerability scanning after the industry's leading scanner

3. Analysis of results by leading security experts

4. Discovery report and recommendations


We offer two models:

Experis Secure Scan - Single vulnerability scan

  • Easy scanning of IT resources
  • Report will be sent via email
  • Assessment report from security expert
  • Affordable
  • No subscriptions required
  • Enables organizations to detect vulnerabilities in the environment and measure the level of security against real threats


Experis Secure Scan Continuous - a continuous and subscription-based scan

  • Regular scans of IT resources
  • Interactive access to dashboard
  • Regular assessments report by security experts
  • Reports will be sent by email - Optional
  • Affordable
  • Subscription required
  • Enable organizations to detect environmental vulnerabilities and regularly measure security levels against real threats
Experis Secure Privacy

Together with subcontractors, Experis offers a comprehensive package to help you and your business comply with the requirements of the GDPR.


What you get:

  • Access to and training in digital tools for keeping statutory treatment protocols
  • Access to digital template tools (privacy statement template, DPIA template, consent templates, data processor agreement templates, etc.)
  • Annual review and assessment of data processor agreements and data processor relationships
  • Annual review and assessment of required GDPR documentation
  • Advicing with consultent


The package consists of effective tools for keeping and updating the statutory processing protocol, digital template tools for designing data processor agreements, privacy impact assessments (DPIA), privacy statements, consent collection, etc. In addition to accessing the digital tools, Experis privacy experts will review the company's data processor agreements, , statements of consent, treatment protocols and DPIAs.


After the reviews are completed, you will receive a report. This report tells you what you are doing well, what you are not doing so well, and what you should do to correct any deficiencies. The result and the report are concrete and action-oriented and will in that way contribute to you being able to easily improve your compliance with the legislation.

Experis Secure CISOaaS

A CISO from Experis will be part of their team, with responsibility for making the business more robust against digital threats and for ensuring that legal and contractual requirements for digital security are met.


We lead the work of protecting your business from digital threats.


Many companies do not have their own Chief Information Security Officer (CISO), but often have it as a role that is taken care of by someone who lacks experience with complex security challenges and projects. This role is essential to ensure that the business has a predictable security of digital services.


Experis has a broad team, with extensive experience in security management, development of security strategies, security certifications, operational security, security architecture, project management, security training and privacy. With CISO as a service, you can be sure to always have access to the expertise that is best suited to your challenges and level of ambition.


A CISO from Experis will be part of their team, with responsibility for making the business more robust against digital threats and for ensuring that legal and contractual requirements for digital security are met.


Examples of CISO's tasks:

  • Advise management in digital security, and further develop strategy, vision and goals for the security area in accordance with the company's goals and ambitions.
  •  Establish processes and KPIs for reporting to management, as well as processes for measuring the maturity in terms of information security.
  • Continuous management of the security area, including establishing, managing and further developing governing documents and processes.
  • Ensure compliance with laws, regulations and other external requirements for digital security and privacy.
  • Ensure that the company is up to date on trends and developments in the industry and be a driving force for a proactive approach to digital security.
  • Notify of events and changes in the threat picture.
  • Contribute to implementing digital security requirements and conduct audits.
  • Be a driving force and contribute to the implementation of risk assessments, establish a risk profile, establish necessary measures and maintain good internal control in relation to the company's needs.
  • Lead the operational safety work: Take care of incident and deviation handling.
  • Work with safety culture.


We recommend planning the use of CISOaaS in three phases:


Phase 1: Start-up and mapping
Mapping of existing processes, roles, systems and security solutions. Mapping of needs and ambition, development and anchoring of a plan for the work with digital security.
Recommended scope and duration: 2-3 days per week for 3 months.


Phase 2: You get
mplementation of plan. We focus on working with management and those who have security roles in the business. In this phase, we will also contribute to building up competence in those who have security roles.
Recommended scope and duration: 1-2 days per week for 6-9 months. For particularly complex projects or tasks, the scope and duration can be extended.


Phase 3: Transfer phase
Transfer of security responsibilities to internal roles. We focus on taking on a mentoring role for those who are to take care of the safety responsibility themselves.
Recommended scope and duration: 1 days per week for 3 months. For particularly complex projects or tasks, the scope and duration can be extended.


There may be a need for different competence and experience in the different phases. Experis CISOaaS is a large team with varied expertise and can therefore ensure that you have access to the one who has the best conditions to assist you.



Experis Secure DPO

Experis offers data protection for companies that cannot or do not want to use it internally.


Several Norwegian companies are required to have a privacy representative, but especially for smaller companies, it can be unprofitable to hire a full-time expert.


The competence requirements are also so high that it is rare for employees to meet the requirements.


Experis offers external privacy managers, who routinely perform random sampling and minor internal audits in the company, and who can hold courses and training for employees.


The Privacy Ombudsman will be able to assist the company in implementing DPIA, and help the company answer questions related to privacy, both from customers and the Norwegian Data Protection Authority.

Experis Secure DPIA

Experis offers a review of privacy implications (often referred to as Data Protection Impact Assessment).


DPIA has much in common with traditional risk analysis in the field of information security. Both aim to map and weight the consequences, and then ensure that measures are implemented to limit any consequences.


A traditional risk analysis is often considered a consequence for the business itself, or for the client. However, an assessment of privacy implications aims to identify the consequences and risks for the data subject, so that the data controller can introduce measures to limit the consequences of the processing routines, or possibly decide that the processing should not be introduced. Such an assessment should be made before you process personal data.


The fact is that many unfortunately have not performed a DPIA in all cases where they should.


We therefore recommend that a DPIA is also performed for start-up treatment procedures, to correct these.

Experis Secure Supply Chain

Experis Secure Supply Chain is a service for companies that want to ensure the quality of their subcontractors' work with digital security in a satisfactory manner. 

The Experis Secure Supply Chain consists of the following elements:

  • Condition measurement
  • Audit report with action plan
  • Vulnerability mapping

Read more about Experis Secure Supply Chain here.

Silje Helen Dyvik Experis
Silje Helen Dyvik Experis
Silje Helen Dyvik, Cybersecurity Customer Manager
Do you want to know more? Contact me by Phone: 40 23 10 74 / Email: [email protected]