Online ISMS Platform for European Compliance Teams

Chat your way to Compliance.

Just ask. Norman handles the rest.

Basenorm manages your ISO 27001, NIS2, GDPR, ISO 9001, SOC 2, DORA, EU AI Act, ISO 42001, ISAE 3402, BIO, NEN 7510 and ISO 14001 controls from one platform. Any framework, built-in or custom. Gaps are automatically flagged, tasks assigned, and evidence linked, so your team always knows where it stands and auditors miss nothing.

Interactive demo of Basenorm's AI compliance chat showing MCP tool calls for ISO 27001 readiness checks, control gap remediation, evidence attachment, audit preparation, and risk queries

Your Complete Platform

Not just a chatbot. A complete ISMS platform.

Basenorm is a full application with dashboards, task management, evidence collection and audit trails. Chat is just one of many ways to interact with it.

Continuous Assurance

Not a one-time audit. A continuous cycle.

Basenorm follows the PDCA cycle so compliance isn't a project, it's an ongoing process from setup to improvement.

01 / Plan · Connect Systems
Link your frameworks, define controls and assign owners. Basenorm automatically maps overlapping requirements through the Unified Control Model.

02 / Do · Collect Evidence
Gather evidence automatically via integrations or manually. Link each piece of evidence directly to the right control and framework requirement.

03 / Check · Monitor Controls
Run compliance checks on schedule. Basenorm flags gaps, expired evidence and overdue tasks, proactively, not after the fact.

04 / Act · Stay Audit-Ready
Resolve findings, improve controls and enter the next cycle. Your organisation grows stronger every round, continuously, not once.

Integrates with tools you already use

Microsoft 365, SharePoint, Google Workspace, Jira, Claude AI, Slack, Teams

Structured Output

One question. 114 records in your database.

AskNorman turns natural-language prompts into structured controls, risks, tasks and evidence, stored directly in your governance database.

STEP 1 · USER
You ask a question
In plain language, from any AI client. No menus, no forms.
You: Set up ISO 27001 for my organisation. Create all Annex A controls, link them to the framework, and schedule the first compliance run for next month.
Norman · AI: Understood. I'll now create the ISO 27001:2022 framework with all 93 Annex A controls, configure the mapping, and schedule a monthly compliance run.

Quick Scan

Already have an ISMS? Bring it along.

Upload your existing policies from SharePoint, Google Drive or Confluence. Basenorm maps them to your control library automatically.

SharePoint, Google Drive, Confluence, Other ISMS
Quick Scan: Controls mapped, Evidence linked, Gaps identified, Tasks created
ISO 27001, NIS2, DORA, SOC 2, BIO, GDPR, Custom

Unified Control Framework

Frameworks share more controls than you think. Basenorm maps them automatically — implement once, comply with everything.

ISO 27001, GDPR and NIS2 share ~70–80% of their controls.

The core ~45% — risk analysis, access management, encryption, incident response, logging, supplier security and continuity planning — is identical across all three. Only ~20–30% is truly unique per framework: Annex A specifics for ISO 27001, data subject rights for GDPR, and direct authority reporting for NIS2.

70–80% · ISO 27001 ↔ NIS2
Incident response, supplier security, continuity, encryption — NIS2 builds directly on ISO 27001 controls.

60–70% · ISO 27001 ↔ GDPR
Privacy by design, access controls, breach procedures, processing registers and risk analysis.

50–60% · GDPR ↔ NIS2
NIS2 explicitly references personal data protection and breach notification requirements.

40–50% · ISO 27001 ↔ ISO 9001
Risk management, internal audits, management review, documentation and PDCA cycle.

25–35% · ISO 9001 ↔ NIS2
Business continuity, supplier management and internal governance controls.

20–30% · ISO 9001 ↔ GDPR
Process management and documentation overlap.

Basenorm Unified Control Graph: interactive diagram showing how ISO 27001, ISO 42001 and SOC 2 frameworks share controls like Access Control, Risk Management, Encryption, Monitoring, and Incident Response through a single unified assurance model.
Shared control nodes: Access Control, Risk Mgmt, Incident Resp., Change Mgmt, Encryption, Monitoring, Awareness, Logging, Vendor Mgmt
Legend: ISO 27001, ISO 42001, SOC 2, Shared

Task Automation

Every action. Becomes a task.

Findings, risks and control gaps automatically generate assigned tasks with owners, deadlines and full traceability — synced to external systems like Outlook, Jira or Microsoft Planner.

Control: A.8.23 · Web filtering
Finding: FND-12 · Policy missing
Task: TSK-447 · @infra · 13 mar

Security Built In

Built for security. Built for trust.

Your compliance data deserves the highest level of protection. Basenorm is built from the ground up with enterprise-grade security.

End-to-end encrypted
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Zero-knowledge architecture where possible.
EU-hosted · GDPR compliant
Hosted on Azure West Europe. Fully GDPR-compliant with Data Processing Agreement and privacy documentation.
Multi-tenant isolation
Every organisation has its own database. Full data isolation, no shared tables, no cross-tenant leaks.
SSO & MFA
Enterprise single sign-on via Azure AD / Entra ID. Multi-factor authentication enforceable per tenant.
Complete audit logging
Every action is recorded in an immutable audit trail. Exportable for external audits and compliance reviews.
Role-based access (RBAC)
Granular permissions per role: owner, admin, user, auditor. Least-privilege by default.

Ready to unify your compliance frameworks?

See how European teams manage NIS2, DORA, ISO 27001, GDPR and EU AI Act from one platform.