A service from LUMRA · For accounting firms

PIANOLA, security for the accounting firm that handles client data every day.

Accounting firms hold some of the most sensitive business data in the country, often without an IT team. PIANOLA shows what needs fixing in your Microsoft 365 environment in plain language and takes care of it for you. You can document your security for auditors, quality reviews and insurers without ever reading a technical manual.

PIANOLA fits accounting firms from solo practice up to 50 staff. No installation is needed; the connection runs through Microsoft's official APIs.

Tailored for your industry

Industry perspective

Three things we often find in accounting firms

These are not theoretical risks. This is what we see in the first scan of accounting firms in Sweden and the Nordics.

Client documents shared without expiry

SharePoint and OneDrive links for closing reports, receipts and contracts often stay open to anyone. Sometimes for years. Nobody knows exactly who can still get in.

MFA missing on at least one admin account

A firm of five people typically has three administrators. One of them usually has multifactor disabled. That is where an attacker starts.

Mailbox forwarding rules nobody remembers setting up

A former employee, an old IT provider, an automation from a bookkeeping tool. Mail leaves your domain every day, without anyone noticing.

Documentation the accounting industry actually needs

Bookkeeping Act 1999:1078

The Swedish bookkeeping act requires safe archiving of accounting records for seven years. PIANOLA documents that data is not leaking through misconfigured sharing.

GDPR + Data Protection Act

Client data contains personal information. We show that you have the technical safeguards required under article 32, documented and dated.

SRF guidance

The industry body's information security guidance. The PIANOLA report can be attached to quality reviews or audits.

Cyber insurance terms

Insurers require documented security. You get evidence ready to send.

Microsoft 365 in reality

You think you have control. But how do you actually know?

Organisations that have hired IT consultants, ticked off Secure Score recommendations and said "Microsoft handles this" usually believe they're secure. PIANOLA is the extra pair of glasses that shows what's actually going on, continuously and not just at audit time.

A scan is a snapshot. A day later, someone has changed a policy, granted a new app or invited a guest, and the picture is already out of date. Documentation that isn't kept up ages just as fast. Security keeps moving, and PIANOLA keeps the picture alive.

What leadership often believes

  • "We've got MFA on"
  • "Microsoft handles cybersecurity"
  • "Our IT consultant has it covered"
  • "We do an audit once a year"

What PIANOLA actually measures

  • MFA is often not even enforced for admins
  • Microsoft ships tools, not configuration
  • The consultant saw the picture in March, not today
  • Drift happens every week, not at audit time

Sample view

Risk index via PIANOLA · 4 environments

Care services, ~80 employees · Risk index 48 · Critical action

A common pattern in the sector: no enforced MFA policy, external sharing wide open, guests not reviewed in months.

Logistics, ~150 employees · Risk index 64 · Needs work

Even with E5 licensing, PIANOLA can find: MFA not enforced for admins, OAuth consent open to all, weak DMARC policies.

Construction, ~50 employees · Risk index 78 · Stable, drift remains

Drift can creep in after a consulting engagement. PIANOLA typically catches new open items around sharing and app consent in the months that follow.

Consulting firm, ~30 employees · Risk index 86 · Strong foundation

Continuous work leaves only minor cleanup, typically documentation and quarterly review.

Risk index 0–100. The colour tells leadership where to look first. The view shows typical patterns across four sectors, not specific customers. PIANOLA is the extra pair of glasses, every week and not just at audit.

What makes us different

Other tools alert. PIANOLA acts.

Most security tools fill the IT inbox with warnings and leave the investigation to you. That is where security work tends to stall, not at detection, but at everything that follows. PIANOLA closes the loop.

The usual path

The alerts are left to you

  • The inbox fills constantly. Warnings from different systems, around the clock.
  • Assessment takes time. Someone has to react, even in the middle of the night.
  • Investigation is manual. Log digging, correlation, situational analysis, all on your own.
  • The team takes the hit. Volume always wins in the end.

The PIANOLA path

Decisions are already made

  • PIANOLA acts on its own. Decisions execute automatically, with a 24-hour window to undo.
  • We measure continuously. Nine security areas in Microsoft 365, all the time.
  • The report arrives in your inbox. A monthly snapshot, not a nightly flood of alerts.
  • You get time to think. Security no longer requires someone to keep watch.

The difference between chasing security and owning it.

The status view, in two seconds

A glimpse of what leadership sees in the report. Together, the three panels give a quick read on how the environment is doing. The depth is there when you need it.

Open findings

What needs attention right now

Findings are prioritised by severity, from critical risks down to lower-priority observations.

  • Critical: 0
  • High: 2
  • Medium: 8
  • Low: 15

Top actions

What to take on first

With reasoning, expected impact, and a suggested owner.

  1. Restrict external sharing
  2. Disable legacy auth protocols
  3. Revoke risky app consents

Status by area

Where the focus is right now

Security posture per area. Green = under control, yellow or red = needs attention.

  • Identity and MFA: OK
  • Email and forwarding: 2 to review
  • Sharing in SharePoint: OK
  • Apps and OAuth consents: 1 priority
  • Endpoint and Defender: OK

One report, four auditors

The same underlying control data, expressed in the language each framework speaks: NIS2 for regulatory compliance, CIS for technical hardening, NIST for risk governance, and ISO for management systems. Whoever asks, you respond from a single report.

EU · Directive

NIS2

10 measures in Article 21.2. An evidence report per measure shows exactly where you stand for the supervisory authority.

  • Risk management: Art. 21.2.a
  • Access control: Art. 21.2.d
  • MFA and authentication: Art. 21.2.j
  • + 7 more points: Art. 21.2

CIS · Technical

CIS Controls v8

Eight priority control domains mapped. Shows which security baselines you actually meet in Microsoft 365.

  • Data assets: CIS 3
  • Accounts and privileges: CIS 5-6
  • Email and web: CIS 9
  • + 5 more domains: CIS 4-17

NIST · Strategy

NIST CSF 2.0

Five core functions mapped directly to your Microsoft 365 environment. The language leadership and the board expect.

  • Govern: GV
  • Identify · Protect: ID · PR
  • Detect · Respond: DE · RS
  • Recover: RC

ISO · Management

ISO 27001:2022

Annex A controls mapped per organizational and technical domain. Provides traceability for ISMS audits.

  • Identity management: A.5.16
  • Access control: A.5.15
  • Secure config: A.8.9
  • + more Annex A: A.8.x

Whether your IT partner, auditor or insurer asks, you respond from the same source. PIANOLA automatically maps 109 security controls on every assessment, with no separate investigation needed for each framework.

NIS2 from 2026, your biggest driver right now

The new cybersecurity law raises the bar for your Microsoft 365 environment

The ten areas the directive requires, what PIANOLA handles for you continuously, and what remains the leadership's responsibility. Clear, honest, and straight to the point.

The same underlying data also maps to CIS Controls, NIST CSF and ISO 27001. See the frameworks below.


About the company

LUMRA is the company behind PIANOLA

LUMRA is a Swedish IT security company that builds PIANOLA. We specialise in Microsoft 365 security and serve small and medium-sized Swedish businesses and their IT partners.

Instead of one-off reports that go stale the day they're filed, we keep the conversation flowing year-round between leadership, IT, and your partner. PIANOLA is how we put that into practice: regular reports, a clear status view, and actions the service can apply directly or hand back to you.

  • Company: LUMRA
  • Service: PIANOLA
  • Focus: Microsoft 365 security
  • Audience: Swedish small and medium-sized businesses
  • Contact: hej@lumrait.se

PIANOLA maps to

NIS2 (EU 2022/2555) · CIS Controls v8 · NIST CSF 2.0 · ISO 27001:2022