Governance & Architecture Model

CSA

Compliance Security Architecture

A governance and architecture model for implementing mission-critical environments in a structured, compliant and future-proof way - used by 3Flames as the foundation of our services.

NIS2 · IEC 62443 · NC-CS / NCCS · CER · VJV2024 · SJV2024

A practical framework for compliant environments

CSA is a governance model that brings together cybersecurity, operational requirements and regulatory compliance into one practical framework for mission-critical environments.

It defines the governance, architecture and controls needed to implement environments correctly - turning complex and scattered requirements into clear architecture decisions and practical controls.

  • Aligns cybersecurity, compliance and operational requirements
  • Turns complex requirements into practical architecture and governance controls
  • Supports security, resilience and continuity in mission-critical environments

Why it matters

From requirements to implementation - CSA helps organizations turn scattered demands into a clear architecture, governance controls and practical implementation decisions.

Instead of interpreting regulations independently, CSA provides a structured model that maps requirements to technical and operational controls.

Security · Resilience · Continuity

From Common Service Architecture to Compliance Security Architecture

The model has continuously evolved to stay ahead of tightening regulatory requirements in the energy sector.

2019
Common Service Architecture
Work began to describe, present and manage the common services required in mission-critical environments - improving the design and documentation of data networks shaped by cybersecurity controls, Fingrid's grid connection requirements (VJV2024, SJV2024) and operational obligations related to electricity system resilience.

Evolution
Expanding to meet broader compliance needs
As cybersecurity requirements and sector-specific legislation became stricter, the model evolved to reflect broader compliance needs including NIS2, NC ER, the new EU electricity cybersecurity network code (NC-CS / NCCS), CER and relevant NCSC-FI guidance.

Today
Compliance Security Architecture
With the introduction of NIS2 and the broader tightening of resilience and cybersecurity obligations, the model was updated into its current form - Compliance Security Architecture - to clarify, simplify and strengthen the practical implementation of regulatory requirements while supporting business needs.

CSA Model

Compliance Security Architecture (CSA) is the 3Flames model for turning external requirements and operational needs into practical security and compliance controls for mission-critical environments. The model shows how secure and compliant access is enabled for the parties that need to interact with critical environments, while ensuring that the underlying OT and energy systems remain protected, resilient and governable.

CSA Architecture Diagram

How CSA enables FlameGuard

FlameGuard is the operational service built on top of CSA. While CSA defines the governance model and control architecture, FlameGuard delivers the actual service capabilities - connectivity, access management, monitoring and compliance controls - in mission-critical energy environments.

CSA = governance & architecture model  ·  FlameGuard = operational service built on CSA


Want to know more?

Have questions about CSA or how it applies to your environment? Reach out directly.