Transparency Act
INTRODUCTION
Last modified 11.06.2025
In alignment with the Transparency Act and our unwavering commitment to transparency and accountability, Eye-share AS adheres to the OECD (Organization for Economic Cooperation and Development) guidelines and criteria for due diligence in our vendor and subprocessor assessments.
We recognize the importance of integrating internationally recognized standards into our risk management framework to ensure comprehensive evaluations and mitigate potential risks
effectively.
This is addressed in our Supplier Code of Conduct | Guru (getguru.com).
This statement describes the work that Eye-share AS, a provider of Purchase-to-Pay automation software for customers regardless of market segment, does to stay compliant with the Transparency Act under Norwegian jurisdiction and legislation.
The statement is arranged by the Department Manager Operations on behalf of the Management Team and signed by the board to ensure anchoring, ownership, and common understanding.
ABOUT EYE-SHARE AS
Eye-share offers market-leading solutions for automated spend management from
Purchase-to-Pay. Our intelligent software portfolio transforms manual routines into digital workflows, so users can spend their time on more strategic tasks.
See full overview of our products.
Eye-share AS mainly operates in the Norwegian market supporting customer
operations in 60+ countries with a branch office in Singapore to ensure the best
possible customer experience.
Eye-share Operations utilizes MS Azure Public Cloud to leverage the capabilities of
cloud computing to ensure seamless operations, scalability, flexibility, and cost
efficiency across multiple locations in multiple regions and/or nodes.
Based on the location of Eye-share customers, the following regions are implemented as
part of Eye-share Cloud hosting:
1. NOE - Norway East
2. WEU - Western Europe
3. SEA - Southeast Asia
HUMAN RIGHTS
To ensure effective management and governance, it's essential that the subsidiaries
adhere to the parent company's corporate policies and rules. Hence, Eye-share
adheres to all policies and rules set on a corporate level by Tietoevry. This ensures consistency, risk management, and alignment with the overall corporate
strategy.
All reporting follows internal supply chain through monthly business reviews in
accordance with corporate rules and regulations.
Please visit our common Sustainability page for further detail and the Annual and
Sustainability Report 2024.
The Code of Conduct is signed upon employment and revisited annually through
corporate-wide mandatory training.
The scope for all Eye-share and Tietoevry corporate employees:

All risks are registered and revisited monthly in the corporate GRC tool in collaboration with corporate representatives.
Human rights in our supply chain
In alignment with our commitment to uphold the highest standards of information security, operational resilience, and regulatory compliance, we are formally expanding the scope of our third-party due diligence program. This initiative reflects our proactive approach to meeting the evolving requirements of ISO/IEC 27001, the EU NIS2 Directive, and the Digital Operational Resilience Act (DORA).
Effective since the last review, our due diligence efforts will extend beyond a limited set of Eye-share specific sub-processors to encompass all critical and non-critical vendors and suppliers that support our services and operations.
This expansion is designed to ensure:
Comprehensive Risk Management
All third-party relationships will be assessed for information security, data protection, and operational resilience risks, in accordance with ISO/IEC 27001 Annex A controls and risk treatment plans.
NIS2 Compliance
As an essential or important entity under the NIS2 Directive, we are implementing
enhanced oversight of third-party service providers to ensure they meet cybersecurity and incident reporting obligations.
DORA Alignment
In compliance with DORA, we are instituting robust third-party risk management practices, including contractual clauses, performance monitoring, and contingency
planning for ICT service providers.
This includes:
- Regular assessments of ICT supply chain resilience.
- Inclusion of third-party providers in digital operational resilience testing.
- Incident response coordination and reporting mechanisms.
- Continuous Improvement and Monitoring.
Governance and Accountability
Our internal governance framework has been updated to reflect these changes, with clear roles and responsibilities assigned to ensure accountability and traceability across the vendor lifecycle.
This expanded due diligence framework is a critical component of our broader
strategy to safeguard our digital infrastructure, protect customer data, and ensure uninterrupted service delivery in a complex and regulated environment.
To ensure compliance and continuous improvement, Eye-share follows a practice of regular check-ins with all vendors in scope and collects ISAE Type 2, SOC 2, or similar reports for assurance.
Our Supplier Code of Conduct | Guru (getguru.com) is communicated as a
prerequisite for collaboration.
It's the responsibility of the assigned system- and/or process owners to ensure
supply-chain compliance!
All whistleblowing channels follow the corporate process, which is also available to external parties such as customers and suppliers.
The Tietoevry Whistleblowing Channel is operated by an external service provider.
Link to Whistleblowing Channel.
IDENTIFICATION OF SUPPLIERS
All Eye-share specific vendors and suppliers are subject to the Eye-share AS -
Transparency Act - Åpenhetsloven - Process.
These include, but are not limited to:
- Cloud service providers.
- Customer support service providers.
- IT infrastructure service providers.
- as well as others handling critical data and processes.
Requirements to our suppliers
As part of our responsible sourcing process at Eye-share, we have established the
following requirements for our suppliers:
Compliance with Laws and Regulations
The supplier must comply with all applicable laws and regulations, including
privacy laws and data security regulations.
Transparency
The supplier must be transparent in its operations and provide us with
sufficient information about their business, practices, and policies.
Ethical practices
The supplier must practice ethics and integrity in all their activities and
business practices.
Data security
The supplier must have robust security measures in place to protect our data
against unauthorized access, misuse, or loss.
To ensure that suppliers comply with Eye-share's expectations, we follow up our
supply chain with our internal control "SM 1.3 Supplier Management - ISAE 3402"
stating:
Eye-share has implemented a systematic process to classify relevant vendors that provide critical services impacting service availability and processing.
Eye-share retrieves and reviews a SOC Type II report or equivalent assurance from suppliers in scope, at least annually.
The review process includes identification of any exceptions, findings, complementary user entity controls, in addition to documentation and follow-up.
More on Eye-share's ISAE 3402 Type 2 report is available here.
Assessment process
Our due diligence process includes the following steps:
1. Ensure full supplier, vendor, and sub-processor control.
2. Risk and due-diligence assessment.
3. Follow up on all relevant Vendors.
4. Continuous process improvement and inclusion of new vendors, suppliers
and/or sub-processors
To ensure compliance Eye-share AS has established close and continuous
collaboration with all supply-chain actors according to listed classification.
Activities include, but are not limited to:
- Retrieval of ISAE 3402 Type 2, SOC 2 and/or equivalent reports.
- NDAs, if applicable.
- Advocating our Supplier Code of Conduct in agreements and other fora.
Action Plan
Based on the results of the due diligence assessment, we will take the following
actions:
- Approval: Suppliers meeting our criteria will be approved for continued collaboration.
- Follow-up actions: For suppliers showing non-compliance, we will implement follow-up actions, such as requesting further information, conducting audits, or requiring improvements in their practices.
- Termination of collaboration: If a supplier is unwilling or unable to meet our requirements, we will consider terminating the collaboration and finding an alternative supplier meeting our standards.
Update and revision
This due diligence assessment will be regularly reviewed and updated in line with
changes in legislation, industry practices, and company needs.
Due Diligence 2023
No remarks for vendors, suppliers, and sub-processors in scope.
Due Diligence 2024
During the annual Due Diligence, no risks or deviations were uncovered. Continuous
operation and follow-up with check-ins as scheduled were accepted with the six
applicable service providers. Annual or bi-annual SOC Type 2 or similar assurance
reports have been retrieved and our Supplier Code of Conduct was communicated.
After the initial review, a seventh service provider has been added that is considered medium risk, and we have followed up accordingly by sending our Transparency Act questionnaire in addition to continuous follow-up with check-ins.
Due Diligence 2025
Scope extended from 7 sub-processors in 2024 to include all sub-processors,
suppliers and vendors that are part of Eye-share's services and operations regardless of
corporate activity.
No medium or high risk related to due diligence or general risk management in this period.
The service provider considered medium risk in 2024 has been reduced to low based upon
the questionnaire retrieved and changes/reduction in scoped service.
CONCLUSION
We in Eye-share AS are committed to ensuring that our suppliers operate with full
transparency and in compliance with all relevant regulations, including international
standards such as ISO, the EU's NIS2 Directive, and the Digital Operational Resilience Act (DORA).
This statement and our due diligence process are a key part of how we uphold
integrity, transparency, and digital security throughout our supply chain.
By continuously assessing and engaging with our suppliers, we aim to build and
maintain trust—not only with our customers and partners but also with the broader society.
Our goal is to ensure that our operations remain resilient, secure, and aligned with
the highest standards of regulatory compliance.






