Njordium Vendor Management System eliminates duplicate third-party assessments
Njordium Cyber Group has launched its Vendor Management System (VMS), a platform that eliminates the costly duplication of third-party assessments under Europe’s overlapping regulations.
70% of European organisations suffered a data breach in the past three years, and 77% of those breaches originated with a vendor or third party (Whistic, Third-Party Risk Management 2025 Impact Report). The average third-party risk team now spends more than 37 hours a week on repetitive administration, and is still falling further behind.
For banks, insurers and payment firms operating under NIS2, DORA, the Cyber Resilience Act and GDPR, and the newly operational European Anti-Money Laundering Authority (AMLA), the same vendors are assessed four or five times in parallel. This creates disconnected evidence trails that regulators increasingly regard as a compliance failure.
Njordium VMS addresses the issue at its root. One vendor assessment, performed once, simultaneously satisfies the requirements of NIS2, DORA, the Cyber Resilience Act, GDPR Article 28 and ISO 27001, while automatically generating aligned outputs for supply-chain (ISO 28001) and enterprise risk (ISO 31000) standards.
Built-in modules for ultimate beneficial ownership screening, politically exposed persons monitoring and suspicious activity reporting connect directly to regulatory workflows, helping organisations prevent compliance gaps before they arise. All data remains on-premise or in the client’s private cloud; no information ever leaves the client’s infrastructure.
“Whistic, KPMG and Gartner — three independent research bodies — arrived at the same structural diagnosis in the same twelve-month window in 2025: the architecture, not the effort, is broken,” said Mads Becker Jørgensen, CEO of Njordium Cyber Group. “We didn’t add another layer of complexity — we removed it. One assessment, seven regulatory outputs, one immutable audit trail. That is the new standard.”
Kim Haverblad, Senior Advisor at Njordium, added: “With AMLA now live, every obliged entity must ask whether its AML team and its vendor intelligence team are looking at the same reality. In most organisations they are not. Njordium closes that gap before the regulator does it for them.”
Key features include:
- Multi-framework engine — one assessment satisfies NIS2, DORA, CRA, GDPR, ISO 27001, implemented in accordance with ISO 31000 and ISO 28001 out of the box
- Risk-proportionate tiers — 30, 80 or 114 controls scaled to vendor criticality, with full nth-party mapping
- Preventive compliance module — UBO screening, PEP monitoring and SAR reporting to FI, designed to stop regulatory exposure at source
- Data sovereignty — on-premise or private cloud deployment, every AI decision fully auditable