Passive Risk Intelligence
What is ORSI?
ORSI (Open Response Signal Index) is a passive, OSINT-based solution for external cybersecurity risk assessment — fully aligned with the requirements of the NIS2 Directive and modern supply chain transparency standards.
Unlike traditional scans or agent-based tools, ORSI requires no access, no installation, and no interaction with the target infrastructure. It operates exclusively on publicly accessible data, ensuring full legal safety and zero disruption.
Transparent visibility. Zero intrusion. Total control.
Three Layers of Exposure
What Does ORSI Analyze?
ORSI extracts structured, actionable intelligence from open sources across three key threat areas:
Data Exposure & Leaks
Mentions of your organization on darknet forums, pastebin sites, and Telegram channels.
Public Services & Configurations
Passive assessment of exposed IPs, DNS records, SSL/TLS setups, and service metadata.
Ransomware Risk Signals
Monitoring of leak sites and extortion portals associated with ransomware activity.
Aligned With Key Articles
Designed for NIS2 Compliance
ORSI provides external insights that directly support:
- Article 21 – Risk management processes
- Article 23 – Vulnerability monitoring
- Article 24 – Incident recognition
- Article 26 – Supply chain security assessments
- Article 30 – Risk notifications
- Article 44 – Compliance documentation & audit trails
All findings are fully mapped to the corresponding articles.
Flexible Reporting Options
Choose Your Report Type
Summary Report
A concise overview — no consent needed from the evaluated party.
- Count of exposed services
- CVE volume (critical & non-critical)
- Mention of breaches or ransomware signals
- Ideal for vendor checks and supply chain audits
Full Report
In-depth and actionable. Delivered on request or for formal compliance reviews.
- IPs, software versions, CVE references
- High-level digital exposure map
- Ready-to-use input for internal risk remediation
No Access, No Disruption
What Makes ORSI Unique?
Truly Independent
ORSI doesn’t rely on access or cooperation from the evaluated party. That means you get honest, unbiased insight — even across your vendor ecosystem.
Fully Passive, 100% Legal
No scanning. No probing. No software installations. All data is collected passively from open sources. Safe for use even in regulated or sensitive environments.
Ready for Action, Not Just Reporting
Every report includes clear, technical findings. Your teams or contractors can act immediately: patch systems, close exposed services, investigate leak indicators.
Rapid Delivery
Reports are delivered within hours — not days. Fast turnaround with zero operational footprint.
For Auditors, CISOs & more
Who Uses ORSI?
ORSI is trusted by:
- Organizations managing critical infrastructure or complex supply chains.
- Compliance teams preparing for NIS2 audits.
- Audit and consulting firms needing third-party assessments.
- Security managers overseeing supplier risk.
Clarity. Structure. Compliance.
Sample ORSI Report for Risk and Compliance Teams
ORSI reports are designed to support compliance, audit, and third-party risk management with structured, OSINT-based insights. Each report delivers a clear snapshot of an organization’s external digital exposure — without scanning, access, or intrusion.
Download a sample report to see how findings are presented, how risks are prioritized, and how the content aligns with key NIS2 articles. This is the same format used in real client assessments and audit-ready documentation.
Trust by Design
Built on Ethics and Legal Safety
100% OSINT-based — All sources are publicly accessible
No active scanning — Non-invasive by design
No personal data processing — GDPR-safe
Legally sound — Compliant with EU law, NIS2, and national regulations
Ethical — Respectful, transparent, and risk-free methodology
Let’s Take a Look at Your External Cyber Posture
Want to see what attackers — and regulators — can learn about your organization from public sources?
Use the form below to request your first ORSI report.