OwlyScan
What is OwlyScan?
OwlyScan is a deep and dark web monitoring platform. It indexes documents in every format and language, watches your company and your suppliers, and turns hits into alerts and audit-ready reports.
- Continuous watch on you, your suppliers, and their subcontractors
- Credentials, contracts, source code, databases, mentions, and more
- Alerts and reports you can show to auditors, customers, and IR teams
How OwlyScan maps to the requirements
-
01
Name the ICT chain you depend on
Your entity, critical ICT service providers, and trusted third parties enter the watch list — not only hyperscalers.
-
02
Run continuous cyber due diligence
OwlyScan indexes underground sources and surfaces credentials, contracts, and documents that expose you or your providers.
-
03
Keep proof for resilience and audit
Alerts and audit-ready reports show that third-party exposure watch is operating over time.
OwlyScan supports selected measures with external monitoring and evidence. It is not a certification, and it does not replace your full compliance programme.
Which requirements OwlyScan covers
Where OwlyScan covers the requirement
| Ref | Domain | What the framework asks | Coverage | How OwlyScan helps |
| Art. 28 | ICT third-party risk | Manage ICT third-party risk: identify, assess, and monitor risks stemming from ICT service providers, including concentration and critical providers. | Covered | Continuous deep and dark web monitoring of named ICT providers and key vendors, with alerts and reports for third-party risk files. |
| Arts. 28–30 | Provider monitoring · cyber due diligence | Ongoing monitoring and due diligence of ICT third-party arrangements beyond contract signature. | Covered | Watch what circulates about providers (credentials, contracts, dumps, mentions); evidence that cyber due diligence watch is operational over time. |
Art. 28 Covered
ICT third-party risk
Manage ICT third-party risk: identify, assess, and monitor risks stemming from ICT service providers, including concentration and critical providers.
Continuous deep and dark web monitoring of named ICT providers and key vendors, with alerts and reports for third-party risk files.
Arts. 28–30 Covered
Provider monitoring · cyber due diligence
Ongoing monitoring and due diligence of ICT third-party arrangements beyond contract signature.
Watch what circulates about providers (credentials, contracts, dumps, mentions); evidence that cyber due diligence watch is operational over time.
Where OwlyScan supports the requirement
| Ref | Domain | What the framework asks | Coverage | How OwlyScan helps |
| Arts. 9–10 | Detection & response | Detect anomalous activities and respond to ICT-related incidents. | Partial | Early external signal when credentials or documents appear underground. Not internal anomaly detection or containment tooling. |
| Art. 17 | ICT-related incident management | Detect, manage, and notify ICT-related incidents through defined processes. | Partial | Alerts and Investigation mode for underground scoping; process ownership stays with the entity. |
| Art. 19 | Major ICT-related incident reporting | Report major ICT-related incidents to competent authorities within mandated timelines. | Partial | Timestamped artefacts for timeline and narrative. Does not file reports. |
| Arts. 5–6 | ICT risk management framework | Identify ICT risks, protect systems and data, and maintain an ICT risk management framework. | Partial | Objective exposure evidence for the entity and providers as input to risk analysis — beyond self-attestation. |
| Art. 13 | Learning & evolving | Learn from ICT-related incidents and cyber threats and improve measures accordingly. | Partial | Investigation outputs feed post-incident lessons. Not a full learning-management system. |
| Art. 45 | Information sharing | Voluntary arrangements to share cyber threat information and intelligence among trusted communities. | Partial | Entity-scoped underground intelligence that can feed sharing. Does not operate ISACs or legal sharing vehicles. |
Arts. 9–10 Partial
Detection & response
Detect anomalous activities and respond to ICT-related incidents.
Early external signal when credentials or documents appear underground. Not internal anomaly detection or containment tooling.
Art. 17 Partial
ICT-related incident management
Detect, manage, and notify ICT-related incidents through defined processes.
Alerts and Investigation mode for underground scoping; process ownership stays with the entity.
Art. 19 Partial
Major ICT-related incident reporting
Report major ICT-related incidents to competent authorities within mandated timelines.
Timestamped artefacts for timeline and narrative. Does not file reports.
Arts. 5–6 Partial
ICT risk management framework
Identify ICT risks, protect systems and data, and maintain an ICT risk management framework.
Objective exposure evidence for the entity and providers as input to risk analysis — beyond self-attestation.
Art. 13 Partial
Learning & evolving
Learn from ICT-related incidents and cyber threats and improve measures accordingly.
Investigation outputs feed post-incident lessons. Not a full learning-management system.
Art. 45 Partial
Information sharing
Voluntary arrangements to share cyber threat information and intelligence among trusted communities.
Entity-scoped underground intelligence that can feed sharing. Does not operate ISACs or legal sharing vehicles.
Proof you can show
Outputs designed for operational resilience leads, compliance, procurement, and ICT risk.
- Alerts on first relevant mention of you or a named provider
- Audit-ready monitoring reports for third-party risk files
- Provider exposure views for cyber due diligence
- Sourced findings for incident analysis and remediation
Who uses this mapping
- CISOs and operational resilience leads
- Compliance and DORA programme owners
- Procurement and cyber due diligence on providers
- MSSPs and advisors to financial entities
- CSIRT and remediation teams
EU hosted · Audit-ready reports · Free company check