Skip to main content
Platform Components

The Building Blocks
of the Basenorm Platform

The building blocks that power continuous assurance.

Basenorm is built around a small number of core components. Each component plays a specific role inside the Governance Graph, together enabling continuous assurance across frameworks.

Talk to an assurance expertExplore the Platform
Controls
Risks
Documents
Tasks
Assets

Five building blocks, one system

One system. Multiple connected components.

Rather than separate modules, Basenorm uses a shared data model. Controls, risks, documents, tasks and assets are not isolated features, but connected components within a single governance system.

Controls
Risks
Assets
SharedModel
Docs
Tasks

One data model. Five components.

A shared governance architecture.

All platform components are connected through the Governance Graph. This creates a single source of truth for ownership, risk, evidence and assurance.

Governance Graph

Single Source of Truth

Ownership
Evidence
Assurance
Controls
Risks
Docs
Tasks
Assets

Three-tier governance architecture

These components are not separate modules. They are connected building blocks designed to work together through the Governance Graph.

Core platform components

Five interconnected building blocks for continuous assurance.

Controls

Define how risks are managed and compliance is achieved.

  • Clear ownership and lifecycle governance
  • Linked to risks, assets, documents and tasks
  • Mapped once, reused across frameworks
  • Single source of truth for assurance

Risks

Explain why controls exist and what must be mitigated.

  • Consistent EU-aligned risk model
  • Inherent and residual risk tracking
  • Direct links to controls and assets
  • Continuous risk visibility

Documents & Policies

Provide evidence, structure and auditability.

  • Centralised policy and evidence management
  • Versioning, ownership and review cycles
  • Direct links to controls and risks
  • Always audit-ready documentation

Tasks & Assurance

Ensure execution, review and accountability.

  • Task-based execution of compliance activities
  • Recurring assurance and control checks
  • Clear responsibility and deadlines
  • Evidence collected as work is done

Assets

Define scope across systems, suppliers and infrastructure.

  • Inventory of systems, software and suppliers
  • Ownership and criticality classification
  • Linked to risks and controls
  • Foundation for EU-aligned compliance scope

Traceability Map

ControlRisk
linked
ControlAsset
linked
ControlDocument
linked
RiskAsset
linked
TaskControl
linked

100%

Connected

0

Orphans

5

Mappings

Everything connected by design.

All components are connected through the Governance Graph. This provides full traceability across controls, risks, assets, documents, tasks and frameworks.

  • Clear ownership
  • Full traceability
  • No duplication
  • Real-time impact visibility
AI Governance Engine

From components to insight.

AskNorman uses the Governance Graph to understand context and relationships across all platform components. This enables gap detection, prioritisation and confident decision-making.

  • Gap detection
  • Ownership analysis
  • Risk insights
  • Task prioritisation
See AskNorman in action

A clear structure. A connected system. Continuous assurance.

Basenorm turns connected components into operational assurance, enabling confidence across frameworks, audits and board-level reporting.

Talk to an assurance expertExplore the Platform