Basenorm vs ISMS.online
Living platform or template-rich ISMS?
ISMS.online is the most template-rich ISMS platform, with a Virtual Coach and the Assured Results Method for first-time ISO 27001 certification. Basenorm is AI-native and governance-first — a living platform where controls, risks and evidence are connected entities, with automatic cross-framework mapping for organisations whose scope extends beyond ISO 27001 into NIS2 and DORA.
Why Basenorm
Three things that don't change, whoever we're compared with
Unified Control Framework
Define every control once in the Unified Control Library and map it automatically across ISO 27001, SOC 2, NIS2, DORA, AVG, BIO and the frameworks you will add next. No duplicate evidence, no parallel workbooks.
Map your own frameworks to any standard
Internal policies, supplier standards, vertical regulations — bring them into Basenorm alongside the ISO, SOC and EU catalogues. Your frameworks are first-class citizens, not forced into someone else's taxonomy.
AI-first and MCP-native, no legacy
AskNorman is built on current-generation LLMs connected through the Model Context Protocol (MCP). A modern AI workflow from day one, not a chatbot bolted onto a legacy GRC stack.
When to choose which
Choose ISMS.online if
- You want the richest set of pre-built ISO 27001 templates and policy documents in the category.
- Virtual Coach guidance for first-time certification is a major value driver for your team.
- Document-first ISMS operations (policies, procedures, records) fit how your team prefers to work.
- The ARM (Assured Results Method) structured roadmap matches your programme preferences.
- ISO 27001 is your primary focus with ISO 27002, 27701 and 22301 as adjacencies.
Choose Basenorm if
- ISO 27001 plus NIS2, DORA, EU AI Act, AVG or BIO is your real compliance scope.
- You want AI-first workflow (AskNorman) with semantic evidence analysis, not only template-driven document management.
- A Governance Graph with linked entities (controls, risks, assets, policies, evidence) matters for your programme.
- Continuous assurance between audits is the operating model you want, not a roadmap-first approach.
- You prefer EU-native infrastructure (post-Brexit, ISMS.online is UK-based) and deeper Dutch/BIO coverage.
Feature-by-feature comparison
Supported · Partial · Not available
| Feature | Basenorm | ISMS.online |
|---|---|---|
ISO 27001 support | ||
SOC 2 support | ||
NIS2 native coverage | ||
DORA native coverage | ||
GDPR / AVG support | ||
EU AI Act support ISMS.online covers ISO 42001 (AI management) rather than the EU AI Act directly. | ||
BIO (Dutch public-sector baseline) | ||
Rich ISO 27001 template library ISMS.online's template depth is its known strength. | ||
AI-first assistant as primary surface ISMS.online has Virtual Coach; AskNorman is Basenorm's primary interaction surface. | ||
Governance Graph (linked entities) | ||
Unified Control Library (define once, map many) ISMS.online maps between frameworks; Basenorm centralises in one semantic library. | ||
EU-headquartered vendor (post-Brexit) ISMS.online is UK-based; post-Brexit the UK is outside the EU for GDPR and DORA supplier considerations. | ||
EU data residency by default | ||
Continuous audit-readiness model | ||
Statement of Applicability management | ||
Evidence collection automation | ||
Multi-framework control mapping | ||
Custom frameworks | ||
Publicly listed pricing ISMS.online pricing is quote-based; not publicly listed. | ||
Free trial available ISMS.online offers demos; public self-serve trial varies. |
Comparison information is based on publicly available sources as of April 2026. Vendor features and pricing change frequently; please verify with each vendor before making a decision.
Template-rich vs AI-first
ISMS.online's strength is its pre-built template and policy library plus the Virtual Coach guided path — especially valuable for first-time ISO 27001 certification with a claimed 25,000+ users on the platform. Basenorm takes an AI-first approach via AskNorman, which drafts controls, reads uploaded policies, interprets evidence and closes gaps continuously. Both reduce time-to-certification; the difference is whether your team prefers working through templates or working through an AI assistant.
- ISMS.online: extensive pre-built templates and the Assured Results Method roadmap.
- Basenorm: AskNorman AI handles drafting, evidence interpretation, and gap analysis throughout the cycle.
- For first-time ISO 27001 certification with a template-driven team, ISMS.online's depth is a strong fit.
EU-native infrastructure and post-Brexit positioning
ISMS.online is headquartered in the United Kingdom. Since Brexit, the UK sits outside the EU for GDPR adequacy, DORA third-party oversight and NIS2 supply-chain reviews — meaning EU buyers must treat ISMS.online's data flows the same way they treat any non-EU vendor. Basenorm is headquartered in the Netherlands with EU data residency by default, which simplifies the supplier assessment for EU compliance programmes.
- Basenorm: Netherlands-based, EU data residency default, inside GDPR's primary jurisdiction.
- ISMS.online: UK-based, post-Brexit, outside the EU for regulatory purposes.
- For BIO (Dutch public-sector) and Dutch-language programmes, Basenorm provides native depth.
Framework breadth and EU regulatory depth
ISMS.online covers ISO standards broadly — ISO 27001, ISO 27002, ISO 27701, ISO 42001, ISO 22301, ISO 9001 — plus NIS2, DORA, SOC 2, PCI DSS and GDPR. Basenorm covers the same core plus native modelling for EU-specific regulations (EU AI Act, BIO, CRA) and deeper audit-readiness flows for Dutch and EU public-sector organisations.
- ISMS.online: excellent ISO standards breadth including AI management (ISO 42001) and business continuity (ISO 22301).
- Basenorm: EU regulations as first-class frameworks with 24–48h regulatory updates.
- If your focus is purely ISO standards breadth, ISMS.online's catalogue is impressive.
Pricing transparency and model
ISMS.online uses a quote-based model with pricing disclosed after an evaluation call. Basenorm publishes pricing publicly, with tiers designed around compliance scope rather than seat count.
- Basenorm: publicly listed pricing on basenorm.com/pricing.
- ISMS.online: subscription SaaS; pricing is quote-based.
- Compare total ownership cost including consultant time saved — often the largest line.
Switching to Basenorm
Switching from ISMS.online to Basenorm
Organisations move from ISMS.online to Basenorm when the document-first model starts to slow them down — typically when compliance scope grows to include NIS2, DORA, the EU AI Act or BIO and they want an AI-first living-platform approach rather than a template-driven one. The migration path leverages ISMS.online's exportable documents: policies, procedures, risk assessments and SoA are exported, then uploaded to Basenorm where AskNorman performs semantic analysis and maps each document to the Unified Control Library. Your existing template-heavy investment is not lost — it becomes the starting library for your new control model. Typical migrations complete inside one quarter; the bigger change is cultural: moving from a document-centric ISMS to a governance-graph where evidence, controls, risks and assets are linked entities.
Frequently asked questions
Disclosure: Basenorm is the platform we build. We aim for accuracy and fairness, cite public sources where possible, and encourage you to verify every claim with the respective vendor.