Skip to main content
Assurance Model

The Basenorm
Assurance Model

Basenorm is built around a single assurance operating model that supports continuous compliance across European regulatory frameworks. Instead of managing overlapping standards separately, Basenorm defines controls once, links them to risk and evidence, and reuses them across the organisation.

One assurance model, not multiple frameworks

Traditional compliance tools treat each framework as a separate checklist. This creates duplication, fragmented ownership and point-in-time assurance. Basenorm uses one unified assurance model that underpins all frameworks. Controls are framework-agnostic and mapped automatically where required.

  • Single model underpins all frameworks
  • Eliminates duplication and fragmented ownership
  • Framework-agnostic control definitions
  • Automatic mapping where required
ISO 27001
NIS2
DORA
Unified
Assurance Model
SOC 2
GDPR
AI Act

One model, multiple frameworks

Evidence
access-review.pdf
ISO
9.2.1
NIS2
A.3
DORA
11.1
SOC 2
CC6.1

Evidence mapped once, applied across all framework requirements

Controls defined once and reused everywhere

Controls are defined once and linked to risks, assets, documents, owners and evidence. This single control definition is reused across multiple regulatory requirements without duplication or manual reconciliation.

  • Define controls once, link everywhere
  • Connected to risks, assets and documents
  • Reused across regulatory requirements
  • No manual reconciliation needed

Continuous assurance by design

Assurance is maintained continuously through automated monitoring, lifecycle tracking and evidence linkage. Readiness is not assessed only at audit moments, but maintained throughout the year.

  • Automated monitoring and tracking
  • Lifecycle-aware evidence linkage
  • Year-round readiness maintenance
  • Beyond point-in-time assessments

Continuous Assurance Cycle

Monitor
Assess
Report
Current Status
Active
89%
Audit Readiness

Year-round readiness, not point-in-time

Assurance Model

Governance Core

UCL

Control Library

Graph

Governance Graph

Norman

AskNorman AI

Platform Capabilities100%

Fully integrated platform architecture

From governance model to platform capabilities

The assurance model is implemented through core platform components such as the Unified Control Library, the Governance Graph and AskNorman AI. These capabilities operationalise the model but do not define it.

This is how Basenorm turns compliance into a continuous assurance operating model.

Talk to an assurance expertExplore the Platform