Know your suppliers are safe. Every day.
norppa.io monitors your supply chain for NIS2 compliance risks — ransomware exposure, credential leaks, certificate failures — and delivers a board-ready NIS2 report every month. Automatically.
NIS2 Compliance Score
3 suppliers monitored
Suppliers
Critical: Infostealer credential detected
Acme Oy — 4 hours ago
Complete external intelligence. Built for NIS2.
Supply Chain Risk
15 automated checks per supplier. Sanctions lists, ransomware victim lists, infostealer credential leaks, TLS/certificate health, DNS integrity, breach data, business registry anomalies and news monitoring.
Dark Web Intelligence
Daily dark web intelligence monitoring — if your supplier's employees have credentials in dark web markets, you'll know before attackers act. Mapped to NIS2 Art. 21(2)(i).
Ransomware Victim Tracking
Multiple ransomware intelligence feeds checked daily against all your suppliers. Dozens of active groups tracked continuously. Immediate email alert if a supplier appears on a victim list. Mapped to NIS2 Art. 21(2)(e).
NIS2 Compliance Evidence
Every finding automatically mapped to its NIS2 article — Art. 21(2)(d) supply chain, Art. 21(2)(h) cryptography, Art. 21(2)(i) credentials, Art. 23 incident reporting. Monthly PDF report ready for your board and auditors.
Certificate and Infrastructure
TLS certificates, DNS health, DNSSEC, email security (SPF/DKIM/DMARC), exposed services and subdomain discovery monitored continuously. Alert when certificate expires in under 14 days.
Breach & Exposure Monitoring
Breach databases, paste sites and credential exposure checked weekly. Know if your suppliers' accounts or data have appeared in public leaks — before it becomes your problem.
Continuous Supply Chain Visibility
See your entire supplier ecosystem at a glance. Every connection monitored, every risk identified, every day.
Your Data Stays in Finland
All customer data — findings, reports and monitoring history — is stored on infrastructure in Finland. We use Cloudflare's EU infrastructure for content delivery. GDPR compliant by architecture.
How it works
Add your suppliers
Just the domain name, takes 5 minutes.
We check dozens of intelligence sources
Daily for critical threats, weekly for infrastructure, monthly for your full report.
Critical findings trigger an alert
Email alert for ransomware listing, infostealer leak, or certificate expiry under 14 days.
Monthly NIS2 report generated
Automatically on the 1st of each month — PDF ready to download and present to your board.
More coverage. Built for NIS2.
| Feature | norppa.io Basic | Traditional EASM tools | Manual process |
|---|---|---|---|
| Supply chain monitoring | Included | Not included | Manual spreadsheet |
| Dark web infostealer monitoring | Daily | Not included | Not feasible |
| Ransomware victim tracking | Daily | Not included | Manual |
| NIS2 article-mapped report | Monthly PDF | Not included | Manual |
| Certificate & subdomain monitoring | Continuous | Continuous | Manual |
| Data stored in Finland / EU | Yes | Partial | Depends |
| Active scanning add-on | +€199/mo | Higher tiers only | N/A |
Based on publicly available feature comparisons. Subject to change.
NIS2 requires you to manage supply chain risk. Are you ready?
The EU NIS2 Directive (effective October 2024) requires medium and large companies in critical sectors to actively manage cybersecurity risks in their supply chains. Article 21(2)(d) specifically mandates supply chain security measures. Non-compliance can result in fines up to €10M or 2% of global turnover.
Read NIS2 Art. 21 →160,000–200,000 companies across the EU are directly obligated
Finance, energy, healthcare, transport, digital infrastructure — NIS2 applies EU-wide with the same requirements in every member state.
Supply chain vendors face indirect pressure
Even if you're not directly obligated, your customers will demand proof of security posture. norppa.io helps you provide it.
Board-level reporting is required
norppa.io automates it. Monthly PDF with all findings mapped to NIS2 articles and risk scores — ready for your board meeting.
Trusted by security-conscious companies
Currently in early access. See what pilot customers are discovering.
“First tool that actually maps findings to specific NIS2 articles. Board presentation ready in minutes.”
CISO, Finnish manufacturing company
“We found an infostealer compromise in one of our key suppliers within the first week of monitoring.”
IT Manager, Nordic logistics company
“Finally a supply chain monitoring tool priced for a company our size.”
Compliance Officer, Finnish SaaS company
Become a pilot customer
We're onboarding a limited number of pilot customers now. Pilot pricing available — contact us to discuss.