Skip to main content

    Platform Components

    The building blocks that power continuous assurance.

    Basenorm is built around a small number of core components. Each component plays a specific role inside the Governance Graph, together enabling continuous assurance across frameworks.

    Talk to an assurance expertExplore the Platform

    One system. Multiple connected components.

    Rather than separate modules, Basenorm uses a shared data model. Controls, risks, documents, tasks and assets are not isolated features, but connected components within a single governance system.

    Controls
    Risks
    Assets
    SharedModel
    Docs
    Tasks

    One data model. Five components.

    A shared governance architecture.

    All platform components are connected through the Governance Graph. This creates a single source of truth for ownership, risk, evidence and assurance.

    Governance Graph

    Single Source of Truth

    Ownership
    Evidence
    Assurance
    Controls
    Risks
    Docs
    Tasks
    Assets

    Three-tier governance architecture

    These components are not separate modules. They are connected building blocks designed to work together through the Governance Graph.

    Core platform components

    Five interconnected building blocks for continuous assurance.

    Controls

    Define how risks are managed and compliance is achieved.

    • Clear ownership and lifecycle governance
    • Linked to risks, assets, documents and tasks
    • Mapped once, reused across frameworks
    • Single source of truth for assurance

    Risks

    Explain why controls exist and what must be mitigated.

    • Consistent EU-aligned risk model
    • Inherent and residual risk tracking
    • Direct links to controls and assets
    • Continuous risk visibility

    Documents & Policies

    Provide evidence, structure and auditability.

    • Centralised policy and evidence management
    • Versioning, ownership and review cycles
    • Direct links to controls and risks
    • Always audit-ready documentation

    Tasks & Assurance

    Ensure execution, review and accountability.

    • Task-based execution of compliance activities
    • Recurring assurance and control checks
    • Clear responsibility and deadlines
    • Evidence collected as work is done

    Assets

    Define scope across systems, suppliers and infrastructure.

    • Inventory of systems, software and suppliers
    • Ownership and criticality classification
    • Linked to risks and controls
    • Foundation for EU-aligned compliance scope

    Traceability Map

    ControlRisk
    linked
    ControlAsset
    linked
    ControlDocument
    linked
    RiskAsset
    linked
    TaskControl
    linked

    100%

    Connected

    0

    Orphans

    5

    Mappings

    Everything connected by design.

    All components are connected through the Governance Graph. This provides full traceability across controls, risks, assets, documents, tasks and frameworks.

    • Clear ownership
    • Full traceability
    • No duplication
    • Real-time impact visibility
    AI Governance Engine

    From components to insight.

    AskNorman uses the Governance Graph to understand context and relationships across all platform components. This enables gap detection, prioritisation and confident decision-making.

    • Gap detection
    • Ownership analysis
    • Risk insights
    • Task prioritisation
    See AskNorman in action

    A clear structure. A connected system. Continuous assurance.

    Basenorm turns connected components into operational assurance, enabling confidence across frameworks, audits and board-level reporting.

    Talk to an assurance expertExplore the Platform