Why Securapilot exists
Information security shouldn't be a document in a folder. It should be a living part of organizational governance — anchored in decisions, understood by employees, and defensible to the board and auditors.
That insight didn't come overnight. It grew over 25 years at the intersection of technology, leadership, and business development. And it started with a frustration that most people in the industry recognize, but rarely articulate.
From system developer to governance architect
My journey has taken me from system developer and Scrum Master to IT manager in a municipality and Group CIO in the private sector. Each role gave new perspectives on the same fundamental question: why does security work so rarely succeed in practice — despite most organizations genuinely wanting to do the right thing?
It was during my time as IT and digitalization manager in a municipality that I seriously started implementing an information security management system. At the same time, I was taking a course on ISMS at the University of Skövde. The theory was solid. The tools were not.
I was looking for a platform that could support the work — something that connected risk management, documentation, and follow-up. What I found was spreadsheets, scattered documents, and systems built for auditors rather than for the organization.
But the real problem ran deeper than that.
The insight: it was never a tool problem
Regardless of organization, I saw the same patterns repeat. Risk registers in Excel without ownership. GDPR documentation scattered across folders, emails, and SharePoint sites. Security investments that were impossible to anchor with management. Compliance work without connection to actual decisions.
But over the years, I realized that this wasn't primarily about lacking tools or competence. It was about a fundamental misunderstanding of what compliance is actually for.
Most organizations treat regulatory compliance as a shield — something to hide behind to avoid thinking about risk. But compliance exists to structure, evidence, and maintain the risk decisions the organization already makes. When risk is implicit, when it's never articulated in a decision, it's not a compliance problem. It's a governance problem.
And no tool in the world solves a governance problem if it merely digitizes the same flawed processes that already exist.
That was the insight that changed everything.
Method first, tools second
I started seeing the pattern clearly: the organizations that succeeded with their security work didn't necessarily have the best tools. They had a systematic understanding of their processes and information flows before choosing tools.
At the same time, I saw how most GRC platforms were built backwards. They started from framework requirements and created checklists, instead of starting from the organization's actual reality and making governance executable.
I wanted to build something that reversed that order. A platform that forces process understanding before controls are configured. That makes risk decisions inspectable, not just documented. That expresses governance through workflows, approvals, and traceable chains — not through prose in folders that no one reads.
The turning point: when AI changed the possibilities
In recent years, AI has evolved from promise to practical reality. I realized that the technology could do more than automate — it could make structured security work accessible to organizations without dedicated security teams.
But I also realized something else: a GRC platform that stops working without AI has built in a dependency that contradicts the fundamental principles of resilience and information security.
That's why Securapilot took shape around a clear architectural principle: every function must deliver full value without AI. Risk assessments, gap analyses, information flow mapping, audit management — everything works through methodology and structure. AI is an amplifier that can suggest, identify, and summarize. But it's always the organization that owns the decision.
What Securapilot solves
Securapilot transforms fragmented security work into structured, traceable, and defensible decision flows.
Structured
Information flows mapped. Risk connected to context. Decisions with ownership and traceability.
Traceable
Every decision, approval, and deviation has a chain back to the risk decision that was made — or that should have been made.
Defensible
Security investments that can be justified at management level, with evidence that holds up to audit.
The platform is built for organizations that need to comply with requirements like NIS2, GDPR, and ISO 27001 — but understand that a certificate on the wall doesn't mean the risk is managed.
The company behind Securapilot
VER&IT AB
Securapilot is developed by VER&IT AB, a Swedish company focused on IT consulting, system development, and digital services with a security perspective.
We work with organizations in both the public and private sectors that need structure in their security and compliance work — through consulting, through tools, and through Securapilot.
About the founder
Kim Borg
Founder & CEO
25+ years of experience in IT leadership in the public and private sectors. Background as system developer, Scrum Master, IT manager, and Group CIO. Today focused on making structured security work accessible to more organizations — by building the tools that should have existed 15 years ago.
"Compliance isn't a shield to hide behind. It's a lens that shows whether your risk decisions hold up."