Sample dashboard

What your supply-chain command centre looks like

A live, continuously-updated view of your suppliers' NIS2 risk — exploitation-aware prioritisation, impersonation exposure, concentration risk and audit-ready evidence.

Sample dashboard — fictional company data. This is the live monitoring view norppa.io gives you; every plan includes 100+ automated checks run daily across your suppliers.

1 critical finding open >7 days — SLA breach

2 supplier attestation(s) contradicted by observed evidence — review

2 high findings open >30 days

Continuous monitoring since 04/2026 · 2 compliance reports generated

Security Score

62/100

Needs attention

+5 · 7d

Active Alerts

6 require immediate action

2 crit.4 high6 med.

Suppliers Monitored

5 / 10

Scans run daily

Last Scan

2h ago

Scans run daily

Scanned today

NIS2 Compliance Status

56%(5/9)

articles clear

Art. 21(2)(a)Policies

Art. 21(2)(b)Incident handling2

Art. 21(2)(c)Business continuity

Art. 21(2)(d)Supply chain1

Art. 21(2)(e)Vulnerability handling3

Art. 21(2)(h)Cryptography1

Art. 21(2)(i)Asset management

Art. 21(2)(j)Access control

Art. 23Incident reporting

Supplier risk overview

SupplierScoreFindingsLast scan

Acme Logistics Oyacme-logistics.fiContradicted38/1003 findings2h ago

Nordic Cloud Servicesnordic-cloud.eu51/1002 findings5h ago

DataBridge Oydatabridge.fiQuestioned64/1001 findings3h ago

Helsinki Components Abhel-components.se78/100No critical/high8h ago

Baltic Freight OÜbaltic-freight.ee71/100No critical/high12h ago

Critical & high findings

CVE-2026-9142CVSS 9.8EPSS 92% · 98th pctCISA KEVtcp/443

Ask your supplier to: Apply the available security patch immediately; this vulnerability is actively exploited (CISA KEV).

Posture trend

Open critical + high, last 12 months

070809101112010203040506

Median time to resolve: 9dOpened / resolved (12 mo): 18 / 22

Systemic Risks

Same finding type across multiple suppliers

HighCVE vulnerability identified3 suppliers

MediumDNSSEC not enabled3 suppliers

Mediumsecurity.txt incomplete2 suppliers

Systemic risks indicate procurement or contract gaps — higher priority than isolated findings.

Recent Exploit Alerts

CISA KEV additions — last 30 days

CVE-2026-11645Google — Chromium V8Jun 9
CVE-2026-20245Cisco — Catalyst SD-WAN ManagerJun 9
CVE-2026-7473Apache — HTTP ServerJun 8
CVE-2026-42271Atlassian — ConfluenceJun 8

Impersonation & domain exposure

Email-spoofing posture3 suppliers

DMARC · 3DNSSEC · 2DKIM key · 1

Domain lifecycle

DataBridge Oyexpiring6d

Supply-chain concentration

Shared hosting

AWS eu-west-13 suppliers

Single-vendor dependency

Acme Logistics Oy

Evidence-backed attestation

Supplier self-attestations cross-checked against what we actually observe.

Verified · 12Contradicted · 1Questioned · 3Consistent · 8

AI executive brief

Portfolio risk is elevated this period: two critical findings need immediate action — a supplier on an active ransomware victim list and leaked employee credentials. Email-spoofing gaps affect three suppliers and one domain expires within a week. Remediation velocity is improving (median 9 days).

See this for your own supplier network

New suppliers are queued for scanning immediately — no agents to install.

See a sample monthly report

See pricing