Facebook Twitter Linkedin Instagram

Statlook

Statlook is a comprehensive tool for monitoring user activity and managing IT resources, which helps optimize business processes and increase data security. Our Statlook offering supports companies in efficiently managing their IT infrastructure.

Statlook — Polish IT management system: assets, monitoring, helpdesk, GDPR and whistleblowing in one platform

Statlook is a mature Polish product by Media-press.tv S.A. from Kraków (ul. Szymanowskiego 1/15), continuously developed since 2002. The vendor currently serves more than 9,000 clients worldwide and monitors 750,000 workstations — in the public sector, education, healthcare and commercial organisations ranging from several dozen to several thousand endpoints. The current version Statlook 20 combines five modules (Assets with a Warehouse sub-module, Monitoring, Helpdesk with AI assistance, GDPR and Whistleblower) in a single administration console — meaning one contract, one support vendor and one complete set of reports for an ISO 27001, NIS2, DORA or national cybersecurity audit.

Virtline is a Statlook implementation partner and the first line of support for end clients in Poland. We supply licences (with separate pricing for the public and education sectors), install the Statlook server, distribute agents (GPO, SCCM, Intune), configure modules in line with client policies, train IT teams and HR departments (Whistleblower module, Monitoring vs. labour law) and provide post-implementation support. Typical projects for 50–500 workstations are completed in 2–4 weeks.

Request a Statlook deployment →

Five Statlook modules we implement

Statlook is built on a modular basis — clients purchase only the components they actually use. The current product range covers five modules launched from a single console and a single agent on each workstation:

Statlook — logo of manufacturer Media-press.tv S.A. (Kraków, since 2002)

 Assets — hardware and software inventory, IT fixed asset register, configuration change history, installed application and licence compliance audit. From version 20 an additional Warehouse sub-module is available for tracking equipment issued to employees, including handover protocols.

 Monitoring — working time tracking, application and website usage, blocking of unsafe sites, USB device and removable media control, print monitoring and file flow monitoring. Deployed exclusively in transparent mode, following an updated employment policy and DPIA analysis.

 Helpdesk — ticket system with SLA, escalations, knowledge base and remote desktop for user support. Version 20 adds AI assistance for operators (answer suggestions, ticket categorisation). Integration with the Assets module allows opening a ticket directly from the user’s computer record.

 GDPR — register of processing activities, authorisation records, DPIA documentation, protected data access audit, retention schedule. Support for data controller and Data Protection Officer obligations in a single tool, with PDF-exportable reports.

 Whistleblower — anonymous, two-way reporting channel for employees and stakeholders, compliant with EU Directive 2019/1937. Full audit trail of case handling, defined roles and response deadlines, encrypted communication without identity disclosure.

Benefits of deploying Statlook

 One system instead of five — eliminating Excel spreadsheets, standalone inventory tools, external helpdesks and separate GDPR and whistleblower applications. One database, one interface, one source of truth for the auditor.

 Polish manufacturer, GDPR-compliant — Media-press.tv S.A. from Kraków, on-premises deployment, data never leaves the client’s infrastructure, no EU data transfer issues, VAT invoices in PLN.

 Licence audit without an external auditor — automatic comparison of installed applications against held licences, alerts for missing Microsoft, Adobe, Autodesk licences or non-standard installed applications.

 Ready compliance evidence for auditors — out-of-the-box reports for ISO 27001 and NIS2: asset register (A.5.9), licence compliance (A.5.32), event history (A.8.16), identification of the operator behind every configuration change.

 Helpdesk replacing email chaos — end of IT requests in the inbox, SLA documentation, cross-department handoffs, escalations, team workload and response time reports.

 Whistleblower directive compliance — ready reporting channel, audit trail, 7/3-day response deadlines, technically ensured anonymity. Applicable to employers with ≥50 employees, all financial sector entities and public sector units.

 Market-proven scale — product active since 2002, 9,000 clients, 750,000 monitored computers, support for Windows Server on MS SQL and Linux as a server from version 20.

How we deploy Statlook — 4 stages

We plan the deployment iteratively, starting with asset inventory (fastest value delivery) and finishing with Monitoring, GDPR and Whistleblower, whose activation requires parallel preparation of legal documentation and employee communication. Each stage ends with a concrete deliverable.

1. Analysis and design — scoping the number of workstations, module selection, integration plan with Active Directory / Microsoft 365, monitoring policy design (scope, retention, roles), deployment schedule and list of documents required from HR (employment policy, employee notification).

2. Server and agent installation — setting up the Statlook server (Windows Server with MS SQL Express or Standard, optionally Linux from version 20), distributing agents to workstations (GPO, SCCM, Intune or manual), synchronisation with Active Directory and first full inventory.

3. Module and policy configuration — activating licence audit, defining application and website categories, setting monitoring rules compliant with GDPR and the employment policy, configuring the GDPR module (processing register, authorisations), launching the Whistleblower channel with an incident handling procedure.

4. Training, stabilisation and review — training for helpdesk operators, IT administrators, the Data Protection Officer and whistleblower case handlers, alert tuning based on the first two weeks of operation, handover of the audit report package and a quarterly review.

Statlook on the NIS2, ISO 27001 and DORA requirements map

Statlook is not a compliance tool in itself, but it supplies hard evidence covering specific controls required by auditors. In a typical audit we identify the following mappings:

  • NIS2 Directive (Art. 21(2)) — cybersecurity risk management measures, including lit. i) on ICT asset management and access control. The Assets module acts as the single source of truth for hardware, software and change history.
  • ISO/IEC 27001:2022 — Annex A: A.5.9 (inventory of information and assets — Statlook generates the register required in the SoA), A.5.10 (acceptable use of assets — Monitoring module provides evidence), A.5.32 (intellectual property rights — licence compliance audit), A.8.12 (data leakage prevention — USB and file flow control), A.8.16 (monitoring activities — logs and alerts).
  • DORA Regulation (Art. 8) — ICT risk management, identification of critical assets. Statlook as a database for per-asset risk assessment and a data source for the ICT asset register required by DORA for financial entities.
  • EU Whistleblower Directive (2019/1937) — the Whistleblower module directly supports the obligations of employers with ≥50 employees and all public sector entities. Compliant internal reporting channel with full audit trail.
  • GDPR (Regulation EU 2016/679) — the GDPR module supports data controller and DPO obligations: processing register, DPIAs, authorisation records, retention schedules and on-demand PDF reports.

Statlook integrations with client infrastructure

Statlook does not exist in isolation — in our deployments we connect it to the client’s existing systems to avoid double data entry and manual re-keying between applications:

  • Active Directory / Entra ID (Azure AD) — user account, group and OU synchronisation. Device owner data pulled automatically from AD attributes.
  • Microsoft 365 — M365 licence integration and cloud application usage reporting alongside on-premises applications, correlation of AD accounts with Office subscriptions.
  • SIEM (Microsoft Sentinel, Wazuh, Splunk) — forwarding Statlook logs to SIEM as one of the correlation sources for incident detection.
  • Helpdesk and ITSM systems — ticket export to external tools (Jira Service Management, ServiceNow) or native operation in the Statlook Helpdesk module.
  • Accounting and ERP systems — inventory export to fixed asset records (CSV, XML, REST API) for SAP and other international ERP platforms.
  • Intune / SCCM — distribution of Statlook agents through existing device management mechanisms in the organisation.

Who we deploy Statlook for

Statlook is chosen both by large regulated entities and mid-sized organisations that want to bring order to IT infrastructure management and prepare for a compliance audit. We most commonly work with organisations in the following sectors:

  • Public sector and administration — ministries, central government agencies, local authorities, cultural institutions and public entities subject to NIS2 and national cybersecurity frameworks.
  • Education — primary and secondary schools, universities, vocational training centres — organisations with large numbers of workstations and a licence compliance documentation requirement.
  • Healthcare — hospitals, clinics and laboratories obliged to manage assets and protect medical records under GDPR and applicable healthcare information regulations.
  • Mid-sized companies 50–500 workstations — employers required to set up a whistleblower channel (≥50 employees) and organisations that want to replace Excel spreadsheets with a single central system.
  • Financial sector — cooperative banks, credit unions, lending institutions, insurers and DORA-subject entities requiring an ICT asset register.
  • Manufacturing and industry — production facilities with IT/OT infrastructure, where Statlook covers the IT layer (office computers, servers, engineering laptops).
  • Energy, utilities and transport — network operators and NIS2-essential entities (energy, water, transport, waste management).
  • Professional services — law firms, consultancies, accounting offices — organisations with high client data protection requirements and whistleblower obligations.
  • Organisations preparing for ISO 27001:2022 certification — Statlook generates the asset register required in the SoA and provides evidence for controls A.5.9, A.5.10, A.5.32, A.8.12, A.8.16.
  • Companies with distributed infrastructure — multiple offices, remote and hybrid work, where manual asset tracking is impractical and prone to divergence.

Frequently asked questions about Statlook

How much does a Statlook licence cost?

Statlook is licensed per workstation (computer or user) with modular package tiers. The per-workstation price decreases with deployment scale and the number of modules selected. The vendor Media-press.tv S.A. offers separate, more favourable pricing for the public and education sectors and dedicated terms for multi-year contracts. We prepare an exact quote after a brief scoping call.

How long does a Statlook deployment take and what integrations are available with Active Directory and Microsoft 365?

Deployment consists of three blocks: Statlook server installation (Windows Server with MS SQL, optionally Linux from version 20 — typically 1 day), agent distribution to workstations (GPO, SCCM, Intune or manual — 1–3 days for 100–500 machines), module configuration, policies, integrations and reports (4–6 days). A full project fits within 2–4 weeks. Active Directory and Entra ID integration works natively. Microsoft 365 is integrated via Graph API to report M365 licence usage alongside on-premises applications.

Is Statlook a Polish product? Where is the data stored?

Yes. The manufacturer is the Polish company Media-press.tv S.A. headquartered at ul. Szymanowskiego 1/15, 30-047 Kraków. Active since 2002, serving more than 9,000 clients. Statlook is on-premises — data collected by the agents goes exclusively to the Statlook server installed at the client’s site. The vendor has no access to client operational data, which simplifies GDPR compliance significantly.

What is the difference between lawful monitoring and covert surveillance under labour law?

Workplace monitoring is the transparent collection of data necessary for work organisation and asset protection — with employees notified in writing, the employment policy updated accordingly, and scope limited to work-related applications and websites. We deploy Statlook exclusively in transparent mode — no live screen capture, no keylogger, no screen recording. A full audit trail of report access allows demonstrating who accessed a specific employee’s data and when. Virtline supplies template documents and consults the monitoring scope with the client’s DPO and HR department.

How does Statlook handle audit trail and log retention for ISO 27001 auditors?

Statlook logs all administrative operations with operator ID, timestamp and workstation IP. Default log retention is 12 months, configurable per module. Logs are exportable to an external SIEM. For ISO 27001 auditors we generate: asset register (control A.5.9), licence compliance report (A.5.32), security event history (A.8.16), GDPR authorisation list and a whistleblower case handling report.

Can data be migrated from Lansweeper, GLPI, AssetExplorer or another tool to Statlook?

Yes. In migration projects we export data from the existing tool (Lansweeper, GLPI, ManageEngine AssetExplorer, Microsoft Endpoint Manager, Excel spreadsheets) to CSV or XML, map fields to the Statlook data model and import device history along with metadata. During the first full inventory, Statlook independently detects discrepancies between the import and the actual state. Migration typically closes within 2–4 days.

Why deploy Statlook with Virtline?

Virtline has worked with Statlook as a partner for several years — not as a one-time reseller, but as the full first line of support for end clients. What differentiates our implementations from a simple licence delivery:

 Legal-technical documentation included — template monitoring policy, employee notification, data retention policy, DPIA for the Monitoring module and a whistleblower case handling procedure — all prepared by us, ready to customise.

 ISO 27001 certificate on the integrator side — Virtline holds the PN-EN ISO/IEC 27001:2023-08 certificate issued by TÜV NORD, meaning data shared during the implementation is protected to the highest industry standards.

 Experience with ISO 27001 and NIS2 audits — we know how an auditor reads Statlook reports, which specific fields to highlight and what evidence to gather so the compliance report is accepted at the first iteration.

 Migration from competing tools — from Lansweeper, GLPI, ManageEngine AssetExplorer, Microsoft Endpoint Manager and Excel spreadsheets. Field mapping, device history import and discrepancy detection completed in 2–4 days.

 English helpdesk Virtline + manufacturer escalation — first line of support on our side, escalation to the manufacturer where the issue requires code-level changes. Clients communicate in English during business hours.

 Pricing for the public and education sector — separate, more favourable licence terms for public entities and educational institutions, available through public procurement procedures.

Contact us to discuss deploying Statlook in your organisation — we will prepare an offer tailored to the number of workstations, chosen modules and compliance requirements (NIS2, ISO 27001, GDPR, Whistleblower Directive).

One platform for assets, monitoring, helpdesk, GDPR and whistleblowing — deployed in 2–4 weeks with full audit documentation.

Contact us →

 ISO/IEC 27001:2023 Certification

Virtline certified by TÜV NORD

Virtline holds the PN-EN ISO/IEC 27001:2023-08 certificate issued by TÜV NORD. Certificate number: AC090 121/2469/6137/2026, valid until 02.2029.