Feed the Governance (G) and Social (S) areas of ESG/sustainability reports with NIS2 cybersecurity compliance data. Cybersecurity governance is a relevant ESG KPI (GRI 418, SASB, CSRD).

NIS2 Agile data maps naturally onto the most widely used ESG frameworks:

| NIS2 Agile data | Endpoint | ESG pillar | Framework |
|---|---|---|---|
| Art.21 compliance score | /services/compliance-summary | G Governance | GRI 205, CSRD |
| Approved security policies | /services/policies-approved | G Governance | ISO 27001, GRI 418 |
| Data breach incidents / Art.23 | /services/incidents-feed | S Social | GRI 418 (Privacy) |
| Implemented security controls | /services/controls-status | G Governance | SASB |
| Supplier supply chain risk | /services/suppliers-risk | E Environmental + G | GRI 308 |
| Whistleblowing reports | /api/whistleblowing/stats | S Social | GRI 205 (Anti-corruption) |

In NIS2 Agile, create a key with limited scopes for SustainAI:

```
Required scopes:
read:compliance    ← Art.21 score and controls
read:incidents     ← incidents for privacy/GDPR KPIs
read:policies      ← approved policies (governance evidence)
read:supply_chain  ← supplier ESG risk
```

```php
<?php
// SustainAI — sync_nis2_esg.php (monthly cron)
// nis2Get() and EsgKpiService are not defined on this page; nis2Get() is assumed to
// send a GET with the given headers and return the decoded JSON as an array.
$apiKey = getenv('NIS2_API_KEY');
$orgId  = getenv('NIS2_ORG_ID');
$base   = 'https://nis2.agile.software/api';

$headers = [
    'X-API-Key: ' . $apiKey,
    'X-Organization-Id: ' . $orgId,
];

// G — Compliance score (cybersecurity governance KPI)
$compliance  = nis2Get($base . '/services/compliance-summary', $headers);
$cyberScore  = $compliance['data']['overall_score'] ?? 0;
$policyCount = $compliance['data']['policies']['approved'] ?? 0;

// S — Privacy breaches (GRI 418)
$incidents = nis2Get($base . '/services/incidents-feed?significant_only=1', $headers);
$breaches  = array_filter(
    $incidents['data']['incidents'] ?? [],
    // ?? null: an incident without a classification is simply not counted
    fn($i) => ($i['classification'] ?? null) === 'data_breach'
);

// G — Supply chain risk (supplier ESG)
$suppliers = nis2Get($base . '/services/suppliers-risk', $headers);
// ?? 0: missing counters count as zero instead of raising a warning
$highRiskSuppliers = ($suppliers['data']['stats']['high'] ?? 0)
                   + ($suppliers['data']['stats']['critical'] ?? 0);

// Update the ESG KPIs in SustainAI
EsgKpiService::updateCyberGovernance([
    'nis2_score'          => $cyberScore,
    'policies_approved'   => $policyCount,
    'data_breaches'       => count($breaches),
    'high_risk_suppliers' => $highRiskSuppliers,
    'period'              => date('Y-m'),
]);
```

```html
<!-- SustainAI: Governance section → Cybersecurity KPIs -->
<!-- The key in this script is sent from the browser, so anyone who can load the page can read it:
     use a dedicated key with the narrowest scopes the endpoint accepts and embed the widget
     only on authenticated pages. -->
<div id="nis2-esg-widget" style="padding:20px; border:1px solid #e2e8f0; border-radius:8px; background:#f0fdf4;"></div>
<script>
fetch('https://nis2.agile.software/api/services/compliance-summary', {
  headers: { 'X-API-Key': 'nis2_YOUR_KEY', 'X-Organization-Id': 'ORG_ID' }
}).then(r => r.json()).then(({ data }) => {
  // Number() ensures only numeric values are interpolated into innerHTML
  document.getElementById('nis2-esg-widget').innerHTML = `
    <h4 style="font-size:.875rem; font-weight:700; color:#065f46; margin-bottom:16px;">
      🔒 Governance Cybersecurity — NIS2 Compliance
    </h4>
    <div style="display:grid; grid-template-columns:repeat(4,1fr); gap:12px; text-align:center;">
      <div><div style="font-size:1.5rem; font-weight:800; color:#06b6d4;">${Number(data.overall_score)}%</div>
        <div style="font-size:.7rem; color:#64748b;">NIS2 Score</div></div>
      <div><div style="font-size:1.5rem; font-weight:800; color:#10b981;">${Number(data.policies.approved)}</div>
        <div style="font-size:.7rem; color:#64748b;">Policy Approvate</div></div>
      <div><div style="font-size:1.5rem; font-weight:800; color:#f59e0b;">${Number(data.risks.high)}</div>
        <div style="font-size:.7rem; color:#64748b;">Rischi HIGH</div></div>
      <div><div style="font-size:1.5rem; font-weight:800; color:#ef4444;">${Number(data.incidents.significant)}</div>
        <div style="font-size:.7rem; color:#64748b;">Incidenti Art.23</div></div>
    </div>
    <p style="font-size:.7rem; color:#94a3b8; margin-top:12px; text-align:right;">
      Fonte: NIS2 Agile — nis2.agile.software — Aggiornato: ${new Date().toLocaleDateString('it')}
    </p>`;
});
</script>
```
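
The widget above sends `X-API-Key` from the browser. As an added example (not NIS2 Agile or SustainAI code), the same data can instead be fetched server-side on Node 18+ and reduced to the four figures the widget shows, so the key never reaches the page. The function names, the 0–100 bound on the score and the JSON field layout (taken from what the widget reads) are assumptions.

```javascript
// Added example: server-side fetch for the ESG widget (Node 18+).
// Assumed response shape: data.overall_score, data.policies.approved,
// data.risks.high, data.incidents.significant (the fields the widget reads).
const NIS2_URL = 'https://nis2.agile.software/api/services/compliance-summary';

// Accept only finite, non-negative numbers; anything else becomes null,
// so markup or unexpected types from upstream never reach the page.
function toKpiNumber(value, max = Number.MAX_SAFE_INTEGER) {
  const n = typeof value === 'number' ? value : Number.NaN;
  return Number.isFinite(n) && n >= 0 && n <= max ? n : null;
}

// Allowlist: only the four figures the widget displays leave the server.
function toWidgetKpis(payload) {
  const d = (payload && typeof payload === 'object' && payload.data) || {};
  return {
    score: toKpiNumber(d.overall_score, 100), // assumed to be a percentage
    policiesApproved: toKpiNumber(d.policies?.approved),
    risksHigh: toKpiNumber(d.risks?.high),
    incidentsSignificant: toKpiNumber(d.incidents?.significant),
  };
}

// The key comes from the server environment (same variable names as the PHP
// sync script). fetchImpl is injectable so the function can be tested offline.
async function fetchWidgetKpis(env = process.env, fetchImpl = fetch) {
  if (!env.NIS2_API_KEY || !env.NIS2_ORG_ID) {
    throw new Error('NIS2_API_KEY / NIS2_ORG_ID not set');
  }
  const res = await fetchImpl(NIS2_URL, {
    headers: {
      'X-API-Key': env.NIS2_API_KEY,
      'X-Organization-Id': env.NIS2_ORG_ID,
    },
    signal: AbortSignal.timeout(10_000), // do not hang the page on a slow upstream
  });
  if (!res.ok) throw new Error(`NIS2 API returned HTTP ${res.status}`);
  return toWidgetKpis(await res.json());
}
```

Expose the result of `fetchWidgetKpis()` from an authenticated same-origin route and have the widget read that route, writing the values with `textContent`.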