Build a safe and sustainable value chain with risk-based due diligence

Third-party risks, in one place

Create shared understanding, traceability and a shared basis for decision-making by bringing processes, data and accountability together in one system.

Identify risks early before they escalate

Structured, high-quality risk analysis makes it possible to identify risks that go beyond what screening alone can capture.

Automation that frees up time

When risks are many, prioritisation becomes critical. Automated analysis helps you focus your efforts where impact and risk are greatest.

More targeted reviews

Not all suppliers require the same level of effort. A risk-based approach helps you allocate time and resources where they are needed most.

Verification & screening

Verify your suppliers globally, directly in the system, to ensure the company exists and is active – and that it does not appear on any watchlists, sanctions lists or PEP lists.

Risk analysis

We build tailored risk analyses designed to fit each organisation, using parameters such as country risk and industry risk.

SAQ

Assess suppliers with potential and actual risks through tailored self-assessment questionnaires. Manage deviations directly in the system, in dialogue with your suppliers.

Site visits / inspections

Complement your analysis with real-world insights. Our app provides an easy-to-use, configurable tool for site visits. When full-scale inspections are required, protocols are recorded directly in the app and made available in the system. Evaluate across multiple parameters – environment, quality, social factors and IT security.

Deviation management

Efficiently manage identified risks and adverse impacts, and engage in dialogue with suppliers on corrective actions directly in the system. This can be done on an ongoing basis, regardless of whether deviations are identified through SAQs, inspections or other steps in the process. Continuous follow-up creates the conditions for real improvement and long-term development.

500+: Suppliers screened and risk-assessed in minutes
0 min: Manual handling of supplier responses
100%: Automated verification, screening and initial risk classification
: *Based on internal analyses and comparisons with manual handling. Results may vary depending on conditions.

Due diligence tailored to your area of focus

Choose your solution

ESG Due Diligence

Identify, assess and manage ESG risks across the entire value chain. Get support for CSDDD, EUDR and other sustainability requirements – with a focus on real impact and concrete actions.

Cyber Due Diligence

Create control over cybersecurity risks in the supply chain. Build resilience and ensure compliance with NIS2 and DORA.

One shared view of risk makes decisions easier

Procurement

Get a unified view of supplier risks.
Prioritise the right suppliers for in-depth due diligence.
Ensure the entire supplier base meets internal requirements and external regulations.

Sustainability

Get a comprehensive view of sustainability performance across the value chain.
Identify, prioritise and manage ESG risks early.
Ensure sustainability efforts lead to real, measurable improvements.

Information security

Streamline risk assessments of suppliers information and cybersecurity.
Ensure compliance with security requirements and standards such as NIS2 and DORA.
Create traceability, accountability and follow-up across the supply chain.

Compliance – a natural part of how you work

Turn risk management into structured actions and make compliance a natural outcome of your day-to-day work – supported by clear documentation that makes it easier to demonstrate compliance with requirements.

CSDDD

CSDDD requires companies to identify and manage risks related to human rights and the environment across the entire supply chain. Stratsys helps you map risks, create action plans and document due diligence efforts over time.

NIS2

NIS2 raises requirements for cybersecurity, governance and incident management for organisations within critical infrastructure and digital services – including across the supply chain. Stratsys helps you establish a clear baseline, manage cyber risks, and support audits and reporting.

CSRD/ESRS

CSRD/ESRS requires companies to report in detail on sustainability-related impacts, risks and opportunities – with full traceability in the underlying data. Stratsys helps you collect and quality-assure data, and structure the work for double materiality assessments and reporting.

DORA

DORA sets requirements for digital operational resilience, including the management of IT risks, incidents and third-party providers. Stratsys helps you map suppliers’ cybersecurity, create a clear risk overview, and document and report actions.

Norwegian Transparency Act

The Norwegian Transparency Act requires companies to map and manage risks related to human rights in the supply chain and communicate their efforts transparently. Stratsys helps you gain oversight, create action plans, and collect documentation to support compliance.

Ready for the next step?

See how it works in practice

Bring your due diligence work together and gain better control of risks across the value chain.

Questions and answers

How does automation support our due diligence work?

Automation makes it possible to work in a structured way with due diligence, even across large and global value chains. The platform reduces manual effort in risk assessments, helps you focus on the most relevant suppliers and risks, and streamlines follow-up over time. The result is faster decisions, better prioritisation, and a risk management approach that can truly scale.

Can multiple functions work in the same platform?

Yes. The platform is built for cross-functional collaboration, enabling different functions to work within the same structure and with the same data. This reduces silos, creates shared understanding, and ensures risks are owned by the right function and lead to coordinated actions across the organisation.

How does Stratsys differ from other due diligence tools?

Unlike tools that primarily collect and present supplier data, Stratsys is built for active risk management. The platform ensures risks are prioritised based on real impact, followed up in a structured way, and lead to documented actions and improvements — not just reports.

How does Stratsys support legal requirements such as CSDDD, EUDR and similar regulations?

We support multiple regulations through a shared, organisation-wide approach to due diligence, using the same structure regardless of function, risk area or regulatory framework. Instead of each team working in separate templates, systems or processes, there is a common foundation for how risks are identified, assessed, addressed and followed up.

In practice, this means that risk assessments, supplier data, action plans and follow-up are handled within the same structure and logic, even when used by different functions such as procurement, sustainability, legal or risk. This creates a shared language for due diligence and makes it clear who owns each risk and which actions are required.

A common framework also makes it possible to reuse the same work for multiple purposes. The same risk analysis and action, for example, can support requirements under CSDDD, EUDR or other regulations. This reduces duplication and makes compliance a natural part of day-to-day work, rather than something that has to be rebuilt from scratch for each new requirement.

Manage value-chain risks in one place