Basenorm vs Instant 27001
Living platform or document toolkit?
Instant 27001 is a battle-tested ISO 27001 documentation toolkit with a 100% first-time certification track record across 2,500+ organisations, delivered as a one-time licence on top of Confluence or Microsoft 365. Basenorm is the AI-native living platform where controls, risks and evidence are connected entities — chosen when compliance scope extends beyond ISO 27001 and when your team wants an AI assistant for the ongoing operation, not only certification.
Why Basenorm
Three things that don't change, whoever we're compared with
Unified Control Framework
Define every control once in the Unified Control Library and map it automatically across ISO 27001, SOC 2, NIS2, DORA, AVG, BIO and the frameworks you will add next. No duplicate evidence, no parallel workbooks.
Map your own frameworks to any standard
Internal policies, supplier standards, vertical regulations — bring them into Basenorm alongside the ISO, SOC and EU catalogues. Your frameworks are first-class citizens, not forced into someone else's taxonomy.
AI-first and MCP-native, no legacy
AskNorman is built on current-generation LLMs connected through the Model Context Protocol (MCP). A modern AI workflow from day one, not a chatbot bolted onto a legacy GRC stack.
When to choose which
Choose Instant 27001 if
- You want a battle-tested ISO 27001 documentation toolkit with a money-back guarantee.
- A one-time licence fee (€2,495–€4,495) is a better financial fit than a recurring SaaS subscription.
- Your programme already uses Confluence or Microsoft 365 as the operating platform.
- You prefer to host ISMS content on your own infrastructure (your Confluence or M365 tenant).
- ISO 27001 is the primary target; other frameworks are adjacencies you can add later.
Choose Basenorm if
- ISO 27001 is one framework among many (NIS2, DORA, EU AI Act, AVG, BIO) in your real scope.
- You want a living compliance platform with continuous monitoring, not static documents that need manual updating.
- An AI-first assistant (AskNorman) for drafting, analysis and gap detection fits your operating model.
- A Governance Graph with entity relationships fits how you think about controls, risks and evidence.
- You prefer a SaaS model with continuous product updates over a one-time licence you self-maintain.
Feature-by-feature comparison
Supported · Partial · Not available
| Feature | Basenorm | Instant 27001 |
|---|---|---|
ISO 27001 support Instant 27001's primary focus with a 100% first-time certification claim across 2,500+ organisations. | ||
SOC 2 support Available as an Instant 27001 add-on. | ||
NIS2 coverage Positioned as compliance support rather than native modelling. | ||
DORA coverage | ||
GDPR / AVG support | ||
EU AI Act support Via ISO 42001 add-on. | ||
BIO (Dutch public-sector baseline) | ||
Pre-built ISO 27001 document templates Instant 27001 ships ~20 policies and ~10 procedures ready to use. | ||
One-time licence (no subscription) Instant 27001: €2,495–€4,495 one-time. Basenorm: SaaS subscription. | ||
Deployed on your own Confluence or M365 | ||
AI-first assistant as primary surface | ||
Governance Graph (linked entities) | ||
Unified Control Library | ||
Continuous platform updates Instant 27001 ships template updates; Basenorm ships continuous platform updates. | ||
Evidence collection automation Instant 27001 provides templates; evidence collection is manual inside Confluence or M365. | ||
Multi-framework control mapping | ||
Custom frameworks | ||
Money-back guarantee Instant 27001 offers a money-back guarantee. | ||
Publicly listed pricing Both publish pricing publicly. | ||
EU-headquartered vendor |
Comparison information is based on publicly available sources as of April 2026. Vendor features and pricing change frequently; please verify with each vendor before making a decision.
Document toolkit vs living platform
Instant 27001 is a documentation toolkit: pre-built policies, procedures, risk templates and a Statement of Applicability skeleton that you deploy into Confluence or Microsoft 365 and then maintain. It excels at getting organisations to their first ISO 27001 certification with a claimed 100% first-time success rate across 2,500+ organisations. Basenorm is a living platform: controls, risks, assets and evidence are entities in the Governance Graph, continuously monitored, with AskNorman interpreting evidence and drafting changes in response to framework updates.
- Instant 27001: documentation toolkit deployed to your own Confluence or M365.
- Basenorm: living SaaS platform with continuous monitoring and AI assistance.
- Different operating models: Instant 27001 optimises for certification; Basenorm optimises for ongoing operation.
One-time cost vs recurring SaaS
Instant 27001 licences at €2,495 (Startup) to €4,495 (Enterprise) as a one-time fee — a compelling financial model for teams that want certification without a long-term subscription. Basenorm is a recurring SaaS where the product itself evolves continuously, regulatory updates ship within 24-48 hours, and the platform grows with your scope. Both models are honest; they serve different financial preferences and compliance scopes.
- Instant 27001: €2,495–€4,495 one-time licence; renewals optional for template updates.
- Basenorm: SaaS subscription with continuous product updates included.
- Include maintenance cost in the comparison: Instant 27001 teams self-maintain; Basenorm ships updates.
Framework scope: ISO 27001 or multi-framework
Instant 27001's core product is ISO 27001; other frameworks (SOC 2, ISO 27701, ISO 42001, VDA-ISA 6/TISAX) are add-ons. Basenorm is multi-framework from the core, with ISO 27001, NIS2, DORA, EU AI Act, BIO, AVG, SOC 2 and ISAE 3402 as first-class frameworks sharing a Unified Control Library. For teams targeting ISO 27001 only, Instant 27001's depth is excellent; for teams with a broader EU-regulatory scope, Basenorm's UCL scales better.
- Instant 27001: ISO 27001-primary with framework add-ons.
- Basenorm: multi-framework through the Unified Control Library from day one.
- NIS2, DORA and EU AI Act get native treatment in Basenorm; Instant 27001 positions them as compliance support.
AI-first vs template-first operation
Instant 27001's value is its template library: policies and procedures proven across 2,500+ certifications. Basenorm's value is AI-first operation: AskNorman drafts controls, interprets evidence and closes gaps continuously. Both reduce workload; the difference is whether your team prefers starting from proven templates and maintaining them manually, or starting from an AI assistant that keeps the content current.
- Instant 27001: proven pre-built templates, maintained by your team after deployment.
- Basenorm: AskNorman AI drafts, interprets and updates content as frameworks and evidence change.
- Combining both is possible: export Instant 27001 content into Basenorm and let AskNorman maintain it.
Switching to Basenorm
Switching from Instant 27001 to Basenorm
Teams move from Instant 27001 to Basenorm after their first ISO 27001 certification, when ongoing operation — not initial certification — becomes the bigger workload, or when scope expands beyond ISO 27001 into EU-specific regulation. The migration preserves everything Instant 27001 provided: export the policies, procedures, risk register, Statement of Applicability and audit records from Confluence or Microsoft 365; upload to Basenorm; AskNorman analyses each document and maps it semantically to the Unified Control Library. Your Instant 27001 template investment becomes the starting library for Basenorm's governance graph. Most teams complete the migration inside one quarter, with Basenorm's AskNorman taking over ongoing maintenance so the content stays current without manual template revisions.
Frequently asked questions
Disclosure: Basenorm is the platform we build. We aim for accuracy and fairness, cite public sources where possible, and encourage you to verify every claim with the respective vendor.