Tech Partner

IT management that turns order into compliance evidence

PrivaLex works with Factorial IT to help organisations demonstrate control over devices, access and licences in their ISO 27001, ENS and NIS2 audits. One platform that closes the gaps auditors always find.

Auditors don't ask if you have security. They ask if you can prove it.

Searching through spreadsheets before an audit is not a process. It's a risk.

In ISO 27001 and ENS, traceability is not a nice-to-have. It's compliance.

Factorial IT: HR-integrated IT management, audit-ready

Factorial IT is the IT management solution by Factorial, Spain's leading HR platform. It allows organisations to manage devices, SaaS access and employee lifecycle from a single place, and automatically generate the audit trail that compliance audits require.

Device Management (MDM)

Full control over Mac, Windows, Linux and iOS devices. Security policy enforcement, encryption, remote wipe and compliance reporting. Compatible with ISO 27001 Annex A controls.

SaaS Access Management

Automatic user provisioning and deprovisioning across all corporate applications. When an employee joins, they have access from day one. When they leave, access is revoked immediately and documented. No loose ends, no forgotten licences.

IT Inventory and Asset Lifecycle

Unified catalogue of devices and software. Track the status, owner and cost of every asset. Full visibility to answer any auditor question in seconds.

Endpoint Detection & Response

Malware, ransomware and zero-day threat detection with autonomous response. Deploys automatically when each device is enrolled: no additional project, no manual configuration.

How Factorial IT strengthens the compliance projects PrivaLex manages

When PrivaLex supports an organisation through a certification or regulatory compliance process, one of the critical pillars is demonstrating real control over IT assets and access to information. Factorial IT provides exactly that layer of operational evidence.

  • ISO 27001: The Annex A controls covering asset management, access control and human resources security require continuous documentation. Factorial IT automatically generates the access logs, device inventory and offboarding audit trails that auditors request at every review. The EDR natively covers the protection from malware and incident management controls, with evidence generated automatically and available to export ahead of the audit.
  • ENS (Spain’s National Security Framework): ENS requires evidence of control over devices, account management and privilege revocation. Factorial IT centralises all these processes and links them to the employee lifecycle, making it straightforward to produce the documentation required under its operational security measures.
  • NIS2: The NIS2 directive focuses on supply chain and access management. Factorial IT enables the systematic and demonstrable application of the least privilege principle, with a full log of every action available for presentation to supervisory authorities.
  • Secure offboarding: One of the most common risks PrivaLex identifies in client organisations is unrevoked access from former employees. Factorial IT automates the full IT offboarding (devices, accounts and licences) from the moment HR registers the departure, eliminating this risk vector at the root.

Why PrivaLex works with Factorial IT

We work with many organisations that have a genuine commitment to compliance but lack the tools to turn that commitment into evidence. Factorial IT closes that gap.
We recommend it because it does exactly what a certification project needs at the IT layer: it centralises, automates and documents. It doesn't add complexity, it removes it.

Audit-ready evidence

The records Factorial IT generates are exactly the type of documentation ISO and ENS auditors ask for. No need to reconstruct them after the fact.

Fast deployment, immediate impact

The platform deploys without complex agents or infrastructure changes, allowing certification projects to move forward without technical roadblocks. MDM + EDR ready in under a day. When the device is enrolled in the MDM, active protection is already running.

Integrated with the employee lifecycle

Connected to HR, every joiner and leaver automatically triggers the corresponding IT actions, eliminating human error as a source of non-conformities.

Does this sound familiar?

PrivaLex recommends considering Factorial IT to organisations that recognise any of these situations:

  • You are working towards ISO 27001 or ENS certification and need to demonstrate control over devices and access
  • You have had findings in previous audits related to IT asset management or unrevoked access
  • Your IT team manages SaaS access manually, without a centralised system
  • Offboarding is handled by email or through undocumented processes
  • You have remote or distributed employees and need visibility over their devices
  • Your organisation is growing and IT management is not keeping pace with the team

Frequently Asked Questions (FAQs)

Is Factorial IT an HR tool or an IT tool?

Both, and that is its main advantage. Factorial IT integrates IT management (devices, SaaS access, inventory) with HR data (joiners, leavers, roles), so that IT actions are triggered automatically by personnel events. This is particularly relevant for compliance, as it eliminates the dependency on manual processes between departments.

How does Factorial IT help prepare for an ISO 27001 audit?

Factorial IT automatically generates the IT asset records, access history and revocation evidence that auditors typically request under Annex A controls. Instead of gathering documentation manually before each audit, the platform maintains that audit trail on a continuous basis.

What role does PrivaLex play in the deployment of Factorial IT?

PrivaLex does not implement Factorial IT directly, but recommends it as a complementary tool within the compliance projects it manages. Our team assesses whether Factorial IT is the right fit for each client and coordinates its adoption within the certification plan.

Is Factorial IT compatible with the ENS (Spain's National Security Framework)?

Yes. Factorial IT supports coverage of the ENS operational security measures related to account management, access control and device protection. PrivaLex can advise on which specific controls are addressed depending on the ENS level that applies to your organisation.

What happens to access rights when an employee leaves?

With Factorial IT, IT offboarding is triggered automatically the moment HR registers the departure. This includes revoking access to all connected SaaS applications and remotely locking or wiping the corporate device. The entire process is logged with date and time, providing valid evidence for audits.

Do I need to change my IT infrastructure to deploy Factorial IT?

No. Factorial IT deploys without agents or changes to the corporate network, allowing a smooth implementation with no impact on existing systems.

Do I need an EDR to achieve ISO 27001 certification or comply with NIS2?

Yes. Both frameworks require threat detection controls and documented incident response. With Factorial IT this is not an additional layer: the EDR activates automatically when each device is enrolled, and the evidence is logged and exportable for audit from day one.