    GRC Software for European Compliance Teams

    Chat your way
    to Compliance.

    Just ask. Norman handles the rest.

    Basenorm manages your ISO 27001, NIS2, GDPR, ISO 9001, SOC 2, DORA, EU AI Act, ISO 42001, ISAE 3402, BIO, NEN 7510 and ISO 14001 controls from one platform. Any framework, built-in or custom. Gaps are automatically flagged, tasks assigned, and evidence linked, so your team always knows where it stands and auditors miss nothing.


    // Your Complete Platform

    Not just a chatbot.
    A complete ISMS platform.

    Basenorm is a full application with dashboards, task management, evidence collection and audit trails. Chat is just one of many ways to interact with it.

    // Continuous Assurance

    Not a one-time audit.
    A continuous cycle.

    Basenorm follows the PDCA cycle so compliance isn't a project, it's an ongoing process from setup to improvement.

    01 / Plan
    Connect Systems
    Link your frameworks, define controls and assign owners. Basenorm automatically maps overlapping requirements through the Unified Control Model.
    02 / Do
    Collect Evidence
    Gather evidence automatically via integrations or manually. Link each piece of evidence directly to the right control and framework requirement.
    03 / Check
    Monitor Controls
    Run compliance checks on a schedule. Basenorm flags gaps, expired evidence and overdue tasks proactively, not after the fact.
    04 / Act
    Stay Audit-Ready
    Resolve findings, improve controls and enter the next cycle. Your organisation grows stronger every round, continuously, not once.
    Continuous Assurance Cycle

    Integrates with tools you already use

    Microsoft 365, SharePoint, Google Workspace, Jira, Claude AI, Slack, Teams

    // Structured Output

    One question.
    114 records in your database.

    AskNorman turns natural-language prompts into structured controls, risks, tasks and evidence, stored directly in your governance database.

    STEP 2 · AI CLIENT
    AI translates to actions
    Claude, ChatGPT or Copilot understands your request and generates MCP tool calls.
    I'm translating your request into 3 MCP tool calls...
    MCP / JSON-RPC
    tool/call  basenorm_create_object    type: "FRAMEWORK", title: "ISO 27001:2022"
    tool/call  basenorm_create_object    type: "CONTROL", count: 93, parent: "ISO 27001"
    tool/call  basenorm_create_schedule  cron: "0 9 1 * *", scope: "all_controls"

    // Quick Scan

    Already have an ISMS?
    Bring it along.

    Upload your existing policies from SharePoint, Google Drive or Confluence. Basenorm maps them to your control library automatically.

    SharePoint
    Google Drive
    Confluence
    Other ISMS
    Quick Scan
    Controls mapped
    Evidence linked
    Gaps identified
    Tasks created
    ISO 27001, NIS2, DORA, SOC 2, BIO, GDPR, Custom

    // Unified Control Framework

    Unified Control
    Framework.

    Frameworks share more controls than you think. Basenorm maps them automatically — implement once, comply with everything.

    ISO 27001, GDPR and NIS2 share ~70–80% of their controls.

    The core ~45% — risk analysis, access management, encryption, incident response, logging, supplier security and continuity planning — is identical across all three. Only ~20–30% is truly unique per framework: Annex A specifics for ISO 27001, data subject rights for GDPR, and direct authority reporting for NIS2.

    70–80%

    ISO 27001 ↔ NIS2

    Incident response, supplier security, continuity, encryption — NIS2 builds directly on ISO 27001 controls.

    60–70%

    ISO 27001 ↔ GDPR

    Privacy by design, access controls, breach procedures, processing registers and risk analysis.

    50–60%

    GDPR ↔ NIS2

    NIS2 explicitly references personal data protection and breach notification requirements.

    40–50%

    ISO 27001 ↔ ISO 9001

    Risk management, internal audits, management review, documentation and PDCA cycle.

    25–35%

    ISO 9001 ↔ NIS2

    Business continuity, supplier management and internal governance controls.

    20–30%

    ISO 9001 ↔ GDPR

    Process management and documentation overlap.

    [Figure: Basenorm Unified Control Graph. Interactive diagram showing how ISO 27001, ISO 42001 and SOC 2 frameworks share controls like Access Control, Risk Management, Encryption, Monitoring, and Incident Response through a single unified assurance model.]
    Control nodes: A.5.1, A.6.2, A.7.1, A.8.23, A.5.10, 6.1.1, 6.1.2, 9.2, 10.1, B.3, CC6.1, CC7.2, CC8.1, CC5.2, CC6.3
    Shared control nodes: Access Control, Risk Mgmt, Incident Resp., Change Mgmt, Encryption, Monitoring, Awareness, Logging, Vendor Mgmt
    Legend: ISO 27001, ISO 42001, SOC 2, Shared

    // Task Automation

    Every action.
    Becomes a task.

    Findings, risks and control gaps automatically generate assigned tasks with owners, deadlines and full traceability — synced to external systems like Outlook, Jira or Microsoft Planner.

    Finding: FND-08 · Evidence expired
    Evidence: Q1 training report
    Task: TSK-501 · @compliance · 20 Mar

    // Security Built In

    Built for security.
    Built for trust.

    Your compliance data deserves the highest level of protection. Basenorm is built from the ground up with enterprise-grade security.

    End-to-end encrypted
    All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Zero-knowledge architecture where possible.
    EU-hosted · GDPR compliant
    Hosted on Azure West Europe. Fully GDPR-compliant with Data Processing Agreement and privacy documentation.
    Multi-tenant isolation
    Every organisation has its own database. Full data isolation, no shared tables, no cross-tenant leaks.
    SSO & MFA
    Enterprise single sign-on via Azure AD / Entra ID. Multi-factor authentication enforceable per tenant.
    Complete audit logging
    Every action is recorded in an immutable audit trail. Exportable for external audits and compliance reviews.
    Role-based access (RBAC)
    Granular permissions per role: owner, admin, user, auditor. Least-privilege by default.

    Customer Success Stories

    Book a Demo →

    Ready to unify your compliance frameworks?

    See how European teams manage NIS2, DORA, ISO 27001, GDPR and EU AI Act from one platform.
