Mastering security in the digital era



 —   Risk Management    —   Regulations    —   Risk Report    —   Technical Controls    —   Classification    —   Risk Awareness    —   Asset Register    —   Cyber Security    —   ROI    —   Privacy    —   ISO/IEC 27001    —   People Controls    —   Organisational Control    —   Performance    —   Compliance    —   Project Risk    —   Risk Treatment    —   Information Security    —

About Veriscan

Veriscan started in 1999 to enable organizations to measure their information security performance. This led to developing Veriscan Rating, a well-recognized method including tools in Sweden. Veriscan early on based the company on the three pillars, Veriscan 3i.

  • Information Security: Focus on information security that now encompasses cyber security
  • ISO standards: Build and support the development of international recognized standards such as the ISO 27000 series
  • Independent Solutions: Creating tools and methods to support the management’s need of business control

    Veriscan products

    Veriscan has combined practical experience with the deep knowledge of international standards for over 20 years to develop products that can support organizations and experts around the world. These products handle information and cyber security in the ever-increasing digitalization and business possibilities that this evolution brings.

    This page focuses on two core support products to enable the business to get in control of security. They simply provide easy and pragmatic support to answer the two questions “what” you need to protect (Veriscan vIC™) and “why” and who should protect (VeriscanRISK™). Both support ISMS according to ISO/IEC 27001 as well as other regulations such as GDPR.


    Veriscan partners

    Veriscan has several partners that provide demonstrations and offer the Veriscan products. A Veriscan partner may also provide additional services. Veriscan will provide further information about partners upon request.

    Veriscan is constantly seeking new partners to provide our products to enhance management of security in the digital era. If your company is interested in becoming a trusted Veriscan partner, please do not hesitate to contact us.




    Great tool for risk reporting:

    • Various graphs can be selected
    • Reports for single risk assessments and aggregated data
    • Grouping and filtering for customized reports

    All business is about taking risks. The trick is to make conscious decisions on risks. The key to being able to make those decisions is that risks are identified and evaluated in a transparent and coherent manner within the organisation. Risk assessments must be made easy:

    • Identify risk and evaluate them
    • Decide risk treatment and activities
    • Communicate, report, mitigate and follow up activities for risk reduction

    There is no point in doing risk assessments if there is no activity done on the result; otherwise it is just an administrative burden.

    Ease of use is the prime focus of VeriscanRISK, the second but not less important is the flexibility to handle many types of risks and link these to many aspects.

    It seems so simple that a single risk may address many issues, but anyone with some experience knows that it is a challenge in any organisation with multiple regulations and a complex IT dependency. Just viewing VeriscanRISK for a couple of minutes will make it evident that this tool can take the theory to reality!

    VeriscanRISK enables


    Optimal Control:

    • Status and follow up of risks across the whole organization
    • Using risk assessments to integrate security in the normal work
    • Ability to address all types of risks, operational risks, information security risks, financial risks, etc
    • Transparent reporting can be made from many aspects and combinations suitable for different target groups


    • Configure according to your needs
    • Use your control catalogue, risk categories etc
    • Link your risks to controls, requirements, laws
    • Reflects the structure of your organization regardless of size
    • Uses your defined organizational structure and terminology, e.g. methods, taxonomy, roles and responsibilities

    Cost Efficiency:

    • A standard web browser on any device may be used
    • Get started immediately
    • Modern easy-to-use touch-GUI
    • Easy reporting by instant visibility of risks and activities
    • No client installations needed


    • Risk levels from start
    • Target levels after risk treatment
    • Changes to risk levels after risk follow-up
    • Status of activities, etc

    Veriscan vIC™

    Classification of your information assets

    Information is a key asset in all processes, communications and agreements made by an organization. Knowing where the information resides and how it´s being used is important. Even more critical is to understand what value specific information assets have for your organization, based on the potential consequences if it is exposed to the wrong audience, failure to secure its integrity, or failing availability when needed.

    Veriscan vIC™ will provide you with an effective and powerful tool to support your information asset identification and classification needs. With Veriscan vIC™ you have a tool to assess different information assets value to your organization, keeping track of what information that is needed by your different business processes and where, in what resources the information is being handled or stored. This will constitute the information protection and legal requirements that the resource layer (ICT/System, cloud services, vendors) will need to meet.

    Veriscan vIC may serve as the source of the protection needs and legal requirements of information assets as input to the to the Risk Analysis and Risk Management processes executed in your organization.

    In Veriscan vIC you will build ONE register covering the three information asset layers (processes, information and resources) dynamically as a result of your classification work and will support your Information Security Management System (ISMS) according to ISO/IEC 27001 as well as other regulations such as GDPR.

    Visualizing the dependencies and structure of the valuable information assets using this register is a prime value of Veriscan vIC, e.g. any gaps in the capability of the resources to meet the protection requirements of the information is clearly visualized or reported in the tool.

    Veriscan vIC enables

    Highlighting unmet demands of a classified asset in Veriscan vIC will make it evident that this tool can take the theory to reality.

    Optimal Control by:

    • One register for all information assets and classifications
    • Visual presentation of asset structure and relations
    • Tagging of specific requirements (regulations etc.)
    • Impact assessment of deficiencies from an information security or privacy perspective

    Flexibility by:

    • Configure according to your needs
    • Supports both information and resources as assets
    • Reflects the structure of your organization regardless of size
    • Use your defined process across the entire organization, e.g. methods, taxonomy, roles and responsibilities

    Cost Efficiency by:

    • No client installations needed, use standard web browsers on any device
    • Get started immediately
    • Modern easy-to-use touch-GUI
    • Easy reporting by instant visibility of assets and classifications

    Graphical Reports:

    The reports has immense possibilities such as :

    • Asset structure on information and/or resource level can be graphically visualized
    • List of information in certain resource such as a ICT service by just add that view
    • The value of the asset in different aspects including regulation, contracts etc. can be applied


    Veriscan is always looking for new partners and relations. Please let us know your intent and contact information. Veriscan or a partner will get back to you as soon as possible.

    Veriscan Security AB