Online ISMS Platform for European Compliance Teams

Chat your way to Compliance.

Just ask. Norman handles the rest.

Basenorm manages your ISO 27001, NIS2, GDPR, ISO 9001, SOC 2, DORA, EU AI Act, ISO 42001, ISAE 3402, BIO, NEN 7510 and ISO 14001 controls from one platform. Any framework, built-in or custom. Gaps are automatically flagged, tasks assigned, and evidence linked, so your team always knows where it stands and auditors miss nothing.

Platform summary

What is Basenorm?

Basenorm is an EU-native, AI-powered ISMS and GRC platform for European compliance and security teams. It manages ISO 27001, NIS2, DORA, GDPR and the EU AI Act from one system, with all data hosted in Europe.

  • EU-native platform: infrastructure and data stay in Europe, purpose-built for EU regulatory frameworks and European buyers.
  • Control-first: define controls once in the Unified Control Library and Basenorm automatically maps them across all active frameworks, with no duplicate work.
  • ISO 27001, NIS2 and GDPR share 70–80% of their controls. Basenorm eliminates the overlap so your team implements once and complies with all three.
  • AskNorman AI assistant: one natural-language question turns into structured controls, risks and tasks stored directly in your governance database.
  • Continuous assurance via the PDCA cycle: stay certification-ready between surveillance audits, not just in the weeks before them.

Interactive demo: Basenorm's AI compliance chat, showing MCP tool calls for ISO 27001 readiness checks, control gap remediation, evidence attachment, audit preparation, and risk queries.

Your Complete Platform

Not just a chatbot. A complete ISMS platform.

Basenorm is a complete ISMS and GRC application, not just an AI chat interface. It includes dashboards for compliance posture, task management for gap remediation, evidence collection linked directly to controls, policy management and full audit trails. Chat through AskNorman is one interaction mode among many in a single, integrated system.

Continuous Assurance

Not a one-time audit. A continuous cycle.

Basenorm is built around the PDCA (Plan-Do-Check-Act) cycle, making compliance a continuous operational process rather than a one-time certification event. The platform monitors controls, collects evidence, identifies gaps and generates remediation tasks in a closed loop, so your organisation maintains audit-readiness every day, not just before a scheduled audit.

01 / Plan
Connect Systems
Link your frameworks, define controls and assign owners. Basenorm automatically maps overlapping requirements through the Unified Control Model.
02 / Do
Collect Evidence
Gather evidence automatically via integrations or manually. Link each piece of evidence directly to the right control and framework requirement.
03 / Check
Monitor Controls
Run compliance checks on schedule. Basenorm flags gaps, expired evidence and overdue tasks, proactively, not after the fact.
04 / Act
Stay Audit-Ready
Resolve findings, improve controls and enter the next cycle. Your organisation grows stronger every round, continuously, not once.
Continuous Assurance Cycle

Integrates with tools you already use

Microsoft 365, SharePoint, Google Workspace, Jira, Claude AI, Slack, Teams

Structured Output

One question. 114 records in your database.

AskNorman, the Basenorm AI assistant, turns a single natural-language question into structured output stored directly in your governance database. One prompt can generate a complete set of controls, linked risk assessments, assigned tasks and evidence requirements, removing the manual data-entry work that slows compliance teams down.

STEP 1 · USER
You ask a question
In plain language, from any AI client. No menus, no forms.
You
Set up ISO 27001 for my organisation. Create all Annex A controls, link them to the framework, and schedule the first compliance run for next month.
Norman · AI
Understood. I'll now create the ISO 27001:2022 framework with all 93 Annex A controls, configure the mapping, and schedule a monthly compliance run.

Quick Scan

Already have an ISMS? Bring it along.

If your organisation already has an ISMS built in SharePoint, Google Drive, Confluence or another system, Basenorm imports and maps your existing policies and controls automatically with a Quick Scan. Gaps are identified immediately and existing evidence is linked to the relevant controls in the Unified Control Library.

SharePoint, Google Drive, Confluence, Other ISMS → Quick Scan → Controls mapped, Evidence linked, Gaps identified, Tasks created

ISO 27001, NIS2, DORA, SOC 2, BIO, GDPR, Custom

Unified Control Framework

Unified Control Framework.

ISO 27001, NIS2, DORA, GDPR and the EU AI Act share a large common core of controls. Basenorm's Unified Control Library maps every framework in a single database, so when a control satisfies multiple standards (encryption, access management, incident response), your team defines it once and the mapping is automatic.

ISO 27001, GDPR and NIS2 share ~70–80% of their controls.

The core ~45% — risk analysis, access management, encryption, incident response, logging, supplier security and continuity planning — is identical across all three. Only ~20–30% is truly unique per framework: Annex A specifics for ISO 27001, data subject rights for GDPR, and direct authority reporting for NIS2.

70–80%

ISO 27001 ↔ NIS2

Incident response, supplier security, continuity, encryption — NIS2 builds directly on ISO 27001 controls.

60–70%

ISO 27001 ↔ GDPR

Privacy by design, access controls, breach procedures, processing registers and risk analysis.

50–60%

GDPR ↔ NIS2

NIS2 explicitly references personal data protection and breach notification requirements.

40–50%

ISO 27001 ↔ ISO 9001

Risk management, internal audits, management review, documentation and PDCA cycle.

25–35%

ISO 9001 ↔ NIS2

Business continuity, supplier management and internal governance controls.

20–30%

ISO 9001 ↔ GDPR

Process management and documentation overlap.

Basenorm Unified Control Graph: interactive diagram showing how ISO 27001, ISO 42001 and SOC 2 frameworks share controls like Access Control, Risk Management, Encryption, Monitoring, and Incident Response through a single unified assurance model.

Task Automation

Every action. Becomes a task.

Every finding, risk assessment and control gap in Basenorm automatically creates an assigned task with an owner, a deadline and a full audit trail. Tasks sync to external systems including Jira, Microsoft Planner and Outlook, so compliance work slots into existing team workflows without switching between tools.

Control: A.8.23 · Web filtering
Finding: FND-12 · Policy missing
Task: TSK-447 · @infra · 13 mar

Security Built In

Built for security. Built for trust.

Basenorm is hosted on Azure West Europe infrastructure, ensuring all compliance data stays within the European Union. The platform encrypts data in transit and at rest, enforces role-based access control, supports SSO and MFA via Azure AD, and maintains a complete immutable audit log of every action.

End-to-end encrypted
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Zero-knowledge architecture where possible.
EU-hosted · GDPR compliant
Hosted on Azure West Europe. Fully GDPR-compliant with Data Processing Agreement and privacy documentation.
Multi-tenant isolation
Every organisation has its own database. Full data isolation, no shared tables, no cross-tenant leaks.
SSO & MFA
Enterprise single sign-on via Azure AD / Entra ID. Multi-factor authentication enforceable per tenant.
Complete audit logging
Every action is recorded in an immutable audit trail. Exportable for external audits and compliance reviews.
Role-based access (RBAC)
Granular permissions per role: owner, admin, user, auditor. Least-privilege by default.

Frequently Asked Questions

Common questions about Basenorm

What is Basenorm?
Basenorm is an EU-native, AI-powered ISMS and GRC platform for European compliance and security teams. It centralises controls, risks, evidence and audit cycles for ISO 27001, NIS2, DORA, GDPR and the EU AI Act in one system, with all data hosted in Europe and a Data Processing Agreement included.
Which compliance frameworks does Basenorm support?
Basenorm supports ISO 27001, NIS2, DORA, GDPR, the EU AI Act, SOC 2, ISO 9001, ISAE 3402, PCI DSS, HIPAA, BIO and custom frameworks. All frameworks are managed through the Unified Control Library so controls that overlap (such as the 70–80% shared by ISO 27001 and NIS2) are implemented once and applied across all active frameworks automatically.
What is the Unified Control Library?
The Unified Control Library (UCL) is Basenorm's master control framework. It holds every control from all active compliance frameworks in a single database. When a control appears in multiple frameworks (for example, encryption requirements shared by ISO 27001, NIS2 and GDPR), the UCL maps them together so your team defines the control once and satisfies all frameworks simultaneously.
Is Basenorm an EU-native platform?
Yes. Basenorm is incorporated and hosted in the Netherlands. All customer data is stored on infrastructure within the European Union, and the platform is built specifically for EU regulatory frameworks including NIS2, DORA, GDPR and the EU AI Act. A Data Processing Agreement is provided to all customers as standard.
How does Basenorm support continuous compliance?
Basenorm follows the PDCA (Plan-Do-Check-Act) cycle to make compliance a continuous process rather than a point-in-time audit. Controls are monitored, evidence is collected and identified gaps automatically generate tasks with owners and deadlines. The result is continuous assurance: your organisation stays certification-ready between surveillance audits, not just in the weeks before them.

Ready to unify your compliance frameworks?

See how European teams manage NIS2, DORA, ISO 27001, GDPR and EU AI Act from one platform.