Structured decision process for changes – built in close collaboration with Norway's most regulated industry

IdS Risk

IdS Risk gives organizations a structured decision process for changes – with insight, involvement and traceability from registration to decision and follow-up. At its core is POPS (Product, Organization, Process and System): a configurable decision workflow that ensures changes across products, organization, processes and systems are risk-assessed by the right disciplines and decided at the right level.

The solution provides risk owners with a consolidated decision basis including an aggregated risk picture, recommendations, any disagreements and required actions – all collected in one shared platform with dashboards, supplier control and audit-ready documentation. Continuously developed in line with DORA, NIS2 and requirements for internal control and third-party risk.

POPS: decision process for changes in Product, Organization, Process and System

A complete decision workflow for change risk – from guided registration, through automatic involvement of the right disciplines, to a consolidated decision basis and action follow-up. Risk owners get an aggregated risk picture, recommendations and any disagreements – and can approve, approve with requirements, request further assessments or reject.

Dashboards and visualization

Get a quick overview without Excel/Power BI: interactive dashboards and graphical reports with access-controlled insights. Export illustrations as PNG to PowerPoint/Word for management dialogue and audits.

Supplier register with compliance focus

Strengthen third-party risk and compliance with improved structure, note fields and filtering (e.g., suppliers without contract, without audit, awaiting response). Enables quick identification of gaps and better follow-up.

Notifications, deadlines and responsibilities – nothing slips through

Automatic notifications to responsible parties for deadlines, incidents and follow-up. Makes it easier to maintain control over risk assessments, supplier follow-up and internal control in practice.

Collaboration and full traceability

Discussion thread per case keeps clarifications and documentation collected where they belong. Attachments, history and audit log provide traceability from assessment to decision and action.

Form builder for controls and risk assessments

Build and customize forms with all field types, conditions and structure – for controls, self-declarations, risk assessments and internal processes. Supports rapid changes for new regulatory needs.

Continuous adaptation to DORA and NIS2

Developed continuously in dialogue with customers to cover DORA requirements for supplier management, ICT services and documentation. Planned internal control functionality makes controls, tasks and follow-up more systematic and audit-ready.

Consolidated decision basis for risk owners

Expert assessments are automatically consolidated into one overview: risk profile, recommendations, disagreements and required actions. Risk owners don't need to search – everything is ready for informed and traceable decisions.

AI-assisted decision support

The system suggests relevant assessment domains based on taxonomy, regulatory requirements and history from previous POPS cases. AI is used as support – never as a replacement for professional assessments. All suggestions can be accepted, edited or rejected.

Systemic learning and reuse

Over time the solution builds insight into which changes increase risk, which measures have the best effect and where in the organization processing time is longest. History from previous cases is actively reused for better suggestions and decision support.

How POPS works

The decision process – from change to action

POPS provides a complete and traceable decision workflow for changes in product, organization, process and system. The process ensures proper involvement, quality-assured assessments and informed decisions – without unnecessary bureaucracy.

1. Registration

The case handler registers the change with a short description and attachments. Guided registration makes it easy to get started – supplementary information is requested contextually.

2. Risk analysis and routing

The system suggests relevant assessment domains based on configuration. The case is automatically routed to the right disciplines.

3. Expert assessments

Experts receive their relevant part of the case in a structured assessment view. They identify risks, provide recommendations and specify required actions – with dialogue and traceability in the case.

4. Consolidation

Assessments are consolidated into an aggregated risk profile.

5. Risk owner's decision

The risk owner receives a complete decision basis: risk picture, recommendations, disagreements and proposed requirements. The risk owner can approve, approve with requirements, request further assessments or reject.

6. Action follow-up

Requirements and actions are registered with responsible party, deadline and status. Follow-up happens in the same solution as everything else – one surface for assessment, decision and implementation.

7. Learning and improvement

Over time the organization builds insight from previous cases: which changes increase risk, which measures work – and history can be reused for better suggestions and decision support.


Target Groups & Use Cases

Who is IdS Risk suitable for? The solution is especially relevant for:

  • Compliance and internal control officers: Document compliance, measures and decisions in an audit-friendly way – with traceability across changes and suppliers.
  • Risk management (2nd line): Standardize risk assessments and quality assurance, and get a comprehensive risk picture for management dialogue and priorities.
  • CISO / IT security: Ensure changes are properly assessed (CIA, access, exposure), and that findings and reservations are documented and followed up.
  • Management and decision-makers: Get dashboard-based insight into status, trends and risk areas – without manual reports.

Typical use cases:

  • Structured risk assessment and decision before changes in product, organization, process or system (POPS).
  • Document and follow up third-party risk: suppliers without contract/audit, missing assessments and deadlines.
  • Management reporting and audits: retrieve graphical overview and traceable documentation in minutes.
  • Continuous improvement: learning from assessments, discussions and measures – all collected and reusable.
  • Outsourcing assessment – with automatic linking to supplier register/RoI and checklists for notification processes.
  • Onboarding new products, services or systems with guided registration and proper involvement from day one.

Customer Value and Benefits

  • Shorter time from change proposal to informed decision – with guided registration and automatic expert involvement
  • Reduced manual work – less Excel, fewer emails and less manual compilation of reports
  • Faster identification of vulnerabilities and gaps in the supplier portfolio
  • Strengthened documentation for internal control, audit and supervision – with full traceability from assessment to decision
  • Consolidated risk picture for management: recommendations, disagreements and actions collected in one decision basis
  • Reuse of previous assessments and measures provides better quality and faster processing over time
  • Easier for submitters, better for experts and safer for risk owners to make informed decisions

Regulatory Compliance

  • DORA: Supports requirements for change risk, third-party risk and documentation. Continuous development in dialogue with customers.
  • Transparency Act: Supplier register and follow-up facilitate mapping, control and documentable due diligence in the supply chain.
  • Internal control: Standardize processes, responsibilities and follow-up with traceable history – ready for audit and supervision.

Development of IdS Risk

Planned Extensions and Roadmap

IdS Risk is not a project – it's a product in continuous development. The roadmap below shows how risk management, internal control and compliance are strengthened step by step, in close dialogue with customers.

Established GRC Functionality

Available today

  • POPS – decision process for changes
  • Register of Information (RoI)
  • Supplier register and third-party risk
  • Measures database and follow-up
  • Incident database with DORA classification
  • Handling of customer complaints, customer fraud and AML suspicions
  • Dashboards and visual insight

Under Development

3-12 months

  • Function and process register (BIA)
  • Policy and procedure register
  • Control database for internal control

Planned Innovations

6-12 months

  • Comprehensive risk register
  • Global dashboards across services
  • Copilot and Teams integration

Next Generation GRC

12-24 months

  • AI-supported forms and assessments
  • Extended Copilot support in Teams
  • GRC Standard Bank – shared framework

The roadmap shows planned direction based on current needs and regulatory guidelines. Features and timelines may be adjusted in dialogue with customers.


Get in touch

Address

IdentityStream AS

Laberget 22

4020 Stavanger

Phone number
(+47) 98 23 24 55