Compliance
Vodanet delivers network and security solutions aligned with the EU Cyber Resilience Act (CRA), the NIS2 Directive and ISO 27001 principles.
We operate with secure-by-design practices, maintain full documentation, and use only vendors with proven security processes and compliance.
Our approach ensures networks that are not only functional – but secure, documented and future-proof.
CRA - Cyber Resilience Act
From 2027, CRA requires all digital products — including networking equipment, firewalls, IoT and software — to demonstrate documented security, lifecycle management and CE compliance.
Vodanet already applies CRA principles across all solutions:
- Secure-by-design architecture and configurations
- Documented lifecycle for all components
- Firmware and patch management
- Vulnerability management and PSIRT processes
- CE-compliant, traceable hardware
- Enterprise vendors with documented security: Cisco, Fortinet, Juniper Mist, Lenovo, Hikvision
Your infrastructure already aligns with the security baseline that becomes mandatory in 2027. CRA Ready ensures reduced risk, documented quality and audit readiness.
1. What is the Cyber Resilience Act (CRA)?
The Cyber Resilience Act is an EU regulation that sets mandatory security, documentation and update requirements for all digital products – hardware and software. From 2027, products may only be sold in the EU if they meet defined security, firmware and lifecycle documentation standards.
2. Who is covered by the CRA?
All manufacturers, importers, distributors and business users are affected. CRA applies to any product with digital elements: networking equipment, IoT devices, firewalls, cameras, software, PCs and industrial systems.
3. How does the CRA affect our network?
CRA requires equipment to include documented security, a defined firmware and patch strategy, vulnerability management and proper CE marking. Hardware without documentation or an update lifecycle will not be legally usable in the EU from 2027.
4. What does Vodanet do to ensure CRA compliance?
Vodanet delivers network solutions based on technologies that document security, firmware handling, vulnerability management and software supply chain processes. We follow secure-by-design principles and fully document each installation.
5. Do we need to replace any equipment before 2027?
It depends on your current environment. Older or consumer-grade equipment without security updates will typically not become CRA-compliant. Vodanet can review your installation and provide a clear assessment.
6. Is Vodanet CRA-certified?
There is no CRA certification for companies – only for products. Vodanet works according to CRA principles and delivers solutions based on products that meet these requirements.
7. How is CRA compliance documented?
Documentation typically includes:
– Hardware and firmware lists
– Vendor documentation
– SBOM (where relevant)
– Network diagrams
– Security configurations
– Patch and update procedures
8. What happens if you do not comply with the CRA?
Manufacturers face significant fines, but organisations using non-compliant equipment may be forced to replace it and risk audit findings or operational restrictions.
NIS2 - Network Security for Critical & Essential Sectors
NIS2 sets strict requirements for network security, governance and documentation.
Organisations must ensure segmentation, access control, logging, incident handling and risk governance.
Vodanet supports NIS2-aligned architectures:
- Segmentation & Zero Trust
- Secure configuration of LAN, Wi-Fi, firewalls and WAN
- Logging, monitoring and alerting
- Documentation for audits
- Governance and continuous assessments
A robust, compliant and fully documented infrastructure.
1. What is NIS2?
NIS2 is the EU security directive for critical and essential sectors. It requires governance, risk management, incident handling, logging, segmentation and documentation.
2. Who is covered by NIS2?
Sectors include energy, transport, healthcare, maritime, manufacturing, public entities, digital infrastructure and suppliers to these sectors.
3. What does NIS2 require for networks?
NIS2 requires secure network architecture with segmentation, Zero Trust, logging, monitoring and documented security.
4. How does Vodanet help with NIS2?
We help organisations design and operate networks that meet NIS2’s technical requirements, including segmentation, Wi-Fi security, firewall hardening, monitoring, logging and audit-ready documentation.
5. Do we need to replace equipment to become NIS2-compliant?
Not necessarily. It depends on update capabilities, security features, logging and documentation. Vodanet evaluates this as part of a NIS2 assessment.
6. How are CRA and NIS2 related?
CRA focuses on product security.
NIS2 focuses on organisational processes.
Combined, they create a full security picture: secure products + secure processes.
7. What do you get from a NIS2 review?
A clear assessment of the network’s current security posture, vulnerabilities, documentation, segmentation and governance. You receive a concrete action plan.
8. What are the penalties for NIS2 breaches?
Fines can reach €10 million or 2% of global revenue for critical entities.
For essential entities: up to €7 million or 1.4%.
9. How do we get started?
Contact Vodanet for a NIS2 assessment. We analyse your network, documentation and security posture – and deliver a concrete and prioritised plan.
ISO 27001 - Best-Practice Information Security
Vodanet follows ISO 27001 principles for risk management, access control and documentation.
We ensure:
- Role-based access control
- Logging and incident handling
- Governance and change management
- Documented architecture and configurations
- Risk and vulnerability assessment
- Continuous improvement and updates
This results in stable, structured and audit-ready networks.
1. What is ISO/IEC 27001?
ISO/IEC 27001 is the international standard for information security, covering risk management, access control, governance and documentation. It provides a structured framework for organisations that want to work systematically with security.
2. Do organisations need to be certified to work in line with ISO 27001?
No. Many organisations follow the principles without being formally certified. Vodanet applies ISO 27001 methods in design, operations and documentation, regardless of customer certification requirements.
3. What does ISO 27001 mean for networks and infrastructure?
ISO 27001 requires clearly defined processes for access control, monitoring, logging, risk management and documentation of systems. It demands stable network architecture, secure configuration and continuous maintenance.
4. How does Vodanet work according to ISO 27001 principles?
We follow ISO 27001 principles by ensuring:
– Access control and role-based management
– Continuous logging, monitoring and incident handling
– Documentation of networks, systems and components
– Governance, change management and policies
– Risk and vulnerability assessments
– Continuous improvements and updates
5. Do we need to change our existing network to meet ISO 27001?
Not necessarily. But your network must be documentable, monitored and managed according to defined processes. Vodanet assesses where your current infrastructure aligns and where improvements are needed.
6. How does ISO 27001 relate to CRA and NIS2?
ISO 27001 is the best-practice framework.
CRA defines the product requirements.
NIS2 defines the organisational requirements.
Together, they form a complete security model.
7. What needs to be documented to support ISO 27001?
Documentation typically includes:
– Network diagrams
– IP/VLAN plans
– Logging, monitoring and incident processes
– Risk and vulnerability assessments
– Policies and change management
– Hardware/software inventories
– Supplier evaluations
8. How do you maintain ISO 27001 in practice?
Maintenance is carried out through continuous processes:
– Regular updates
– Monitoring and logging
– Policy reviews
– Audits and control points
– Training and awareness
– Documented patch and vulnerability management
9. What do organisations gain from ISO 27001 principles?
A more stable, predictable and documented infrastructure.
Improved risk management.
Easier audits.
Greater trust from customers and partners.
10. How do we get started with ISO 27001-based network design?
Vodanet can review your current network, documentation and processes – and deliver a concrete plan to align with ISO 27001 requirements through modernisation and best-practice operations.
IEC 62443 - Industrial & OT Cybersecurity
IEC 62443 is the international standard for cybersecurity in industrial and maritime environments.
It protects production systems, automation equipment, sensors, SCADA and critical OT systems where stability and traceability are essential.
Vodanet aligns with IEC 62443 principles when designing, implementing and operating solutions for industrial, energy and maritime installations.
This means our solutions include:
- OT/IT segmentation (zones & conduits)
- Secure architecture and access control
- Protection of critical systems against unauthorised access
- Monitoring, logging and incident handling
- Documentation and traceability throughout the lifecycle
- Vulnerability management, firmware strategy and update control
IEC 62443 closely complements CRA and NIS2:
- CRA defines security requirements for the products
- NIS2 defines requirements for the organisation
- IEC 62443 defines security requirements for the OT environment
By combining these standards, Vodanet ensures industrial and maritime installations that are stable, secure and fully documented — ready for audits, classification bodies and future EU regulations.
1. What is IEC 62443?
IEC 62443 is the international standard for cybersecurity in industrial and OT environments. It provides a framework for securing automation systems, SCADA, sensors and other critical operational systems.
2. Who is IEC 62443 relevant for?
The standard is relevant for organisations with industrial or maritime systems such as:
– Manufacturing and industry
– Maritime and offshore
– Energy and utilities
– Building automation
– SCADA and OT systems
3. How does IEC 62443 relate to CRA and NIS2?
IEC 62443 focuses on OT security.
CRA focuses on product requirements.
NIS2 focuses on organisational processes.
Together, they form a complete security framework.
4. How does Vodanet support IEC 62443?
Vodanet already aligns with key IEC 62443 principles, including:
– OT/IT segmentation
– Secure architecture and access control
– Protection of critical systems
– Logging and monitoring
– Documentation and traceability
– Vulnerability and update management
5. Do organisations need to be certified for IEC 62443?
No, organisations may follow the principles without being formally certified.
The key is that the network is segmented, protected, documented and monitored according to IEC 62443 requirements.
6. What areas does IEC 62443 cover?
The standard covers:
– Zones and conduits (segmentation)
– Access control and authorisation
– Communication between critical systems
– Protection against unauthorised access
– Risk analysis and system classification
– OT security lifecycle management
7. How do we get started with IEC 62443 alignment?
Vodanet can review your OT environments, network segmentation and documentation – and deliver a plan to align the installation with IEC 62443 principles.
Secure-by-Design - How Vodanet Builds Networks
Vodanet works with a leading service provider and a leading antenna hardware manufacturer for maritime connectivity, and is continuously working to improve performance and deliver a configuration at the forefront of technology. To offer a solid, flexible satellite connectivity solution, Vodanet determines the capacity needed together with our client. Based on the core purpose, selected add-ons are included to achieve a balance between cost, functionality and crew appreciation.
Professional technologies and documented quality
Vodanet works exclusively with technologies and platforms that provide proven security, software lifecycle management, firmware processes and modern development practices.
We use solutions that meet the requirements of the EU Cyber Resilience Act (CRA), NIS2 and internationally recognised security standards, including:
- Documented security architecture
- Regular security updates
- Clear firmware and patch strategy
- Proven vulnerability management (PSIRT)
- Traceability, CE compliance and transparent lifecycle
- Complete technical documentation and audit trails
Conversely, we avoid equipment or software that:
- Lacks security or compliance documentation
- Does not provide firmware updates throughout its lifecycle
- Has limited or unpredictable support
- Cannot document software supply chain / SBOM
- Cannot support the requirements of CRA, NIS2 or modern security frameworks
This approach ensures stable, secure and fully documented installations – regardless of environment, complexity or scale.
Maritime Compliance - A Vodanet Speciality
Maritime and offshore environments often operate with equipment that will not become compliant with the EU Cyber Resilience Act (CRA) or the NIS2 Directive. This creates operational, regulatory and security risks — especially for vessels subject to class requirements, safety audits and complex multi-WAN environments.
Vodanet ensures CRA/NIS2-aligned network design for vessels and offshore environments, including:
- Replacement of non-compliant or end-of-life equipment
- Secure Wi-Fi and full OT/IT segmentation, including VLAN, security zone modelling and policy-based access
- Audit-ready documentation for shipowners, technical management and classification bodies (DNV, Bureau Veritas, Lloyd’s Register, ABS, RINA)
- Integration and optimisation of Starlink, OneWeb, 5G, VSAT and hybrid maritime WAN architectures
- Failover, redundancy and high-availability design to ensure continuous operation in demanding offshore conditions
- Lifecycle management, firmware governance and vulnerability handling aligned with CRA and NIS2 requirements
- Stability and performance optimisation for mission-critical maritime systems, crew welfare networks and operational services
The result:
A robust, CE-traceable and audit-ready maritime network platform that meets the security, documentation and reliability requirements of modern maritime operations.
Documentation & Traceability
Documentation is a core part of Vodanet’s delivery model. We provide complete and structured documentation packages that meet the requirements of CRA, NIS2, ISO 27001 and maritime/offshore standards such as NORSOK. Our documentation ensures that installations are audit-ready, easy to maintain and fully traceable throughout their entire lifecycle.
We deliver:
- Network diagrams (including NORSOK Z-010 structure where relevant)
- VLAN and IP plans with defined security zones
- Firewall, ACL and NAC documentation
- Firmware and software inventories with version and support status
- Supplier and component compliance records
- Lifecycle overview, EoL/EoS monitoring and patch scheduling
- Change logs and configuration history
- SBOM (Software Bill of Materials), where applicable
Documentation = Compliance.
With Vodanet, audits, inspections and technical reviews become predictable and well-structured — whether internal, external or maritime/offshore classification.
Across all industries, Vodanet delivers the same core value: stable, secure and fully documented network solutions that meet current and future regulatory requirements.
Maritime & Offshore
Network and communication for vessels, rigs and offshore installations — designed in alignment with CRA/NIS2, CE requirements and industry frameworks such as DNV and NORSOK.
Healthcare and Critical Functions
High-availability networks, documentation, compliance and support for regulatory demands (NIS2, ISO, logging and incident handling).
Manufacturing & Industrial
Segmentation, secure OT/IT integration, robust Wi-Fi and operations in environments with strict requirements for reliability and traceability.
Hospitality, enterprise and guest networks
Secure Wi-Fi, segmentation, monitoring, redundancy and fully documented network architecture.
Municipalities and public institutions
Reliable network infrastructure with high transparency, audit-ready documentation and hardware vendors that deliver verifiable security and update lifecycles.
Request a Compliance Assessment
Do you want to know whether your network and infrastructure meet the requirements of CRA, NIS2 and ISO 27001? Vodanet offers a full compliance assessment, reviewing your equipment, architecture, documentation and security processes.
You will receive:
- Analysis of your current network design and segmentation
- Status of hardware in relation to CRA requirements and update lifecycle
- Evaluation of logging, monitoring and incident handling
- Review of documentation (diagrams, firmware, configurations)
- A concrete action plan with recommendations and next steps
- Option for ongoing operation, monitoring and updates
A compliance assessment provides clarity, reduces risk and ensures that your network can pass both internal and external audits.