Launching soon — join the waitlist

Your security program, built in 15 minutes

Normado takes the complexity out of compliance. Answer a few questions about your company and get tailored security policies, a gap analysis, and a clear action plan — powered by AI, built for EU regulations.

First 50 customers get all Enterprise features at €49/mo.


[Product screenshot: the app.normado.io dashboard for a sample customer, Acme B.V. (Technology / SaaS, 45 employees). Day 1 baseline score 73%, started 15 Mar 2026. Policy coverage 12 of 12 (8 approved, 4 draft); 3 frameworks; 7 risks; 24 evidence items. Framework scores: ISO 27001 (Information Security) 68%, GDPR (Privacy) 82%, NIS2 (Cybersecurity) 45%. Recent activity: Access Control Policy approved by J. Smith (CEO), 2 min ago; Incident Response Policy generated (AI-generated draft), 15 min ago; ISO 27001 framework added (3 frameworks active), 1 hr ago; 3 risks identified from onboarding (2 high priority), 1 hr ago.]

Built for the frameworks that matter

ISO 27001 · GDPR · NIS2 · DORA · SOC 2

339 framework requirements mapped
12 AI-generated security policies
5 compliance frameworks (ISO 27001, GDPR, NIS2, DORA, SOC 2)
15 min from zero to your first policies

The problem

Compliance is eating your time and budget

Scattered policies in shared drives

Your security program lives across Word docs, Google Drive folders, and someone's laptop. When a customer asks for your ISO 27001 status, it takes days to pull something together.

Consultants cost a fortune

Getting ISO 27001 ready through a consulting firm costs €15,000–50,000 and takes 6–12 months. For a 30-person company, that's a budget you don't have.

Existing tools are built for enterprises

Most GRC platforms start at €7,500/year and are designed for large organisations with dedicated compliance teams. If you're a 30-person company, you're left with spreadsheets.


How it works

From zero to audit-ready in three steps

1. Answer 20 questions

Tell us about your company — size, industry, tech stack, and which regulations apply to you. Takes less than 10 minutes.

2. Get your security program

Normado generates tailored security policies, a risk register, and a gap analysis showing exactly where you stand against your target frameworks.

3. Close gaps, stay compliant

Follow your prioritized action plan. Upload evidence, track progress, and maintain an audit-ready security posture — continuously, not just once a year.


Compliance scoring

Four pillars. One compliance score.

Most tools show you a vanity "compliance percentage" based on policies alone. Normado measures what actually matters — all four pillars of a real security program, weighted equally.

Policies (25%)

AI-generated security policies covering 12 core domains, approved and version-controlled.

Risk register (25%)

Identified risks with likelihood-impact assessment, treatment plans, and ownership assigned.

Controls (25%)

Implemented controls linked to requirements, with auto-mapping across frameworks — one control, many frameworks.

Evidence (25%)

Audit evidence uploaded and tied to specific controls, with expiry tracking and renewal alerts.

Reaching 100% means your organization has genuine security posture — not just a policy PDF gathering dust. This is what auditors actually verify.

Features

Everything you need to manage compliance

AI policy generator

12 core security policies generated in seconds, tailored to your company name, tech stack, and industry. Multi-language (EN, NL, DE, FR), with version history, regeneration, approval workflows, and PDF export with your branding.

Gap analysis with plain-language guidance

339 requirements across ISO 27001, GDPR, NIS2, DORA, and SOC 2 — each with plain-language guidance explaining what it means for your business. Mark items as N/A with mandatory reasoning for auditor defensibility.

Risk register with AI generation

AI-generated risk entries tailored to your company, pre-populated with 200+ common risks. Likelihood-impact scoring, treatment plans, risk ownership, and visual heat maps. Track residual risk after controls.

Framework cross-mapping

251 policy-to-requirement mappings across 5 frameworks. One control can satisfy ISO 27001, NIS2, and SOC 2 simultaneously — Normado shows you which ones, so you never do duplicate work.

Dynamic compliance scoring

Real-time 4-pillar scoring (Policy / Risk / Control / Evidence, 25% each) with framework-specific breakdowns. Clear "Next Steps to Improve" for each requirement — no guesswork about what to do next.

Continuous evidence management

Upload files linked to specific controls, with expiry date tracking and 30-day renewal alerts. Export audit-ready evidence packages. Your security posture stays current, not just at audit time.
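As an added illustration (this is not Normado's code or its scoring formula), the following Python model ties together the three ideas from the cross-mapping, scoring and evidence sections above: a control mapped to requirements in several frameworks at once, evidence with an expiry date that stops backing a control once it lapses, and an equal-weight four-pillar score. The frameworks, controls, policies, risks, evidence items and the control-to-requirement mapping are all constructed for the example; the requirement identifiers are real ISO 27001:2022 Annex A, NIS2 Article 21(2) and SOC 2 references, but which control satisfies which requirement is an assumption made here, not a statement about the product's mapping tables.

```python
"""Illustrative compliance-score model (added example; not Normado's code).

Constructed data: three controls, three frameworks, a few policies, risks and
evidence items.  The control-to-requirement mapping is an assumption for the
example; verify any real mapping against the standard's own text.
"""
from datetime import date, timedelta

TODAY = date(2026, 3, 15)            # fixed so the example is reproducible
RENEWAL_WINDOW = timedelta(days=30)  # "30-day renewal alerts"

# Requirements each framework expects to see covered (constructed subset).
FRAMEWORKS = {
    "ISO 27001": {"A.5.17", "A.5.24", "A.8.5", "A.8.13", "A.5.23"},
    "NIS2":      {"Art.21(2)(b)", "Art.21(2)(c)", "Art.21(2)(j)", "Art.21(2)(h)"},
    "SOC 2":     {"CC6.1", "A1.2", "CC7.4"},
}

# One control, many frameworks: each control lists every requirement it satisfies.
CONTROLS = {
    "AC-01 MFA on all admin accounts": {
        "status": "implemented",
        "satisfies": {"A.5.17", "A.8.5", "Art.21(2)(j)", "CC6.1"},
    },
    "BK-01 Daily encrypted off-site backups": {
        "status": "implemented",
        "satisfies": {"A.8.13", "Art.21(2)(c)", "A1.2"},
    },
    "IR-01 Incident response plan tested yearly": {
        "status": "planned",
        "satisfies": {"A.5.24", "Art.21(2)(b)", "CC7.4"},
    },
}

# Evidence tied to a control, each with an expiry date (constructed file names).
EVIDENCE = [
    {"control": "AC-01 MFA on all admin accounts",
     "file": "idp-mfa-policy-export.pdf", "expires": date(2026, 9, 1)},
    {"control": "BK-01 Daily encrypted off-site backups",
     "file": "restore-test-2025-q4.pdf", "expires": date(2026, 4, 1)},
    {"control": "BK-01 Daily encrypted off-site backups",
     "file": "backup-job-log.txt", "expires": date(2026, 2, 1)},
]

POLICIES = {"Access Control": "approved", "Backup": "approved",
            "Incident Response": "draft"}
RISKS = [
    {"name": "Admin credential theft", "owner": "CTO", "treatment": "AC-01"},
    {"name": "Ransomware destroys backups", "owner": "CTO", "treatment": "BK-01"},
    {"name": "Slow incident detection", "owner": None, "treatment": None},
]


def valid_evidence(today=TODAY):
    """Evidence items that have not expired as of `today`."""
    return [e for e in EVIDENCE if e["expires"] > today]


def renewal_alerts(today=TODAY):
    """Files expiring within the renewal window, or already expired."""
    return [e["file"] for e in EVIDENCE if e["expires"] - today <= RENEWAL_WINDOW]


def effective_controls(today=TODAY):
    """A control counts only when implemented *and* backed by unexpired evidence."""
    backed = {e["control"] for e in valid_evidence(today)}
    return {name for name, c in CONTROLS.items()
            if c["status"] == "implemented" and name in backed}


def framework_coverage(today=TODAY):
    """Share of each framework's requirements satisfied by an effective control."""
    satisfied = set().union(*(CONTROLS[n]["satisfies"] for n in effective_controls(today)))
    return {fw: round(len(reqs & satisfied) / len(reqs), 2)
            for fw, reqs in FRAMEWORKS.items()}


def four_pillar_score(today=TODAY):
    """Equal-weight (25% each) score over policies, risks, controls and evidence."""
    policy = sum(s == "approved" for s in POLICIES.values()) / len(POLICIES)
    risk = sum(r["owner"] is not None and r["treatment"] is not None
               for r in RISKS) / len(RISKS)
    control = len(effective_controls(today)) / len(CONTROLS)
    evidence = len(valid_evidence(today)) / len(EVIDENCE)
    pillars = {"policy": policy, "risk": risk, "control": control, "evidence": evidence}
    return round(100 * sum(pillars.values()) / 4), pillars


if __name__ == "__main__":
    print("coverage:", framework_coverage())
    print("score:", four_pillar_score())
    print("renew soon:", renewal_alerts())
```

Running it as of 15 Mar 2026 gives an overall score of 67 with ISO 27001 at 60%, NIS2 at 50% and SOC 2 at 67%, and flags both backup evidence files for renewal; the same data evaluated on 15 Jan 2026, before the backup job log expired, scores 75. The point the model makes is that a single control (AC-01) moves three framework percentages at once, and that letting evidence lapse lowers the evidence pillar even though the control itself is unchanged.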

Approval workflows & audit trail

Assign policy owners, set review dates, route policies through approvers. Full version history with who-changed-what-when. Immutable audit trail across policies, risks, controls, and evidence.

Controls management

Technical and organizational controls library with AI-suggested auto-linking to requirements and risks based on your context. Review dates with attention banners when controls need re-attestation.

Auditor-ready exports

Export your full Statement of Applicability, risk register, policies, and evidence packages as audit-ready PDFs. Rich HTML copy for Confluence, Notion, or Google Docs. Works with any ISO 27001 certification body.


Why Normado

Built for EU SMEs, not Silicon Valley enterprises

                            Normado             Vanta / Drata     Consultants    Spreadsheets
Starting price              €49/mo              €7,500+/yr        €15,000+       Free
Time to first result        15 minutes          2-4 weeks         2-3 months     Weeks
EU frameworks (NIS2, DORA)  ✓ Built-in          Limited           Depends        Manual
AI policy generation        ✓ 12 policies       Templates only    Manual
Data hosted in EU           ✓ Ireland           US-hosted         N/A            Varies
Built for company size      10-500 employees    100-5,000+        Any            Any

Pricing

10x cheaper than enterprise GRC tools

No hidden fees. No setup costs. Cancel anytime.

Early adopter offer

First 50 customers get all Enterprise features at the Starter price. Limited spots remaining.

Starter

Get compliant policies in minutes

€49 /month

Solo founders and small teams

  • 12 AI-generated security policies
  • PDF export + copy formatted
  • Version history & regeneration
  • 1 compliance framework
  • Day 1 baseline score
  • 1 user

Professional (most popular)

Manage compliance end-to-end

€149 /month

Growing teams getting audit-ready

  • Everything in Starter
  • All 5 frameworks (ISO 27001, GDPR, NIS2, DORA, SOC 2)
  • Gap analysis with dynamic scoring
  • Risk register with AI generation & heat map
  • Controls management with auto-linking
  • Policy approval workflow
  • Up to 5 users

Enterprise

Audit-ready governance platform

€299 /month

Regulated industries & mid-market

  • Everything in Professional
  • Evidence management with file uploads
  • Full compliance scoring (reach 100%)
  • Expiry tracking & renewal alerts
  • Auditor read-only portal
  • SSO (Azure AD, Okta)
  • Unlimited users
  • Priority support

EU-hosted infrastructure · GDPR compliant by design · AES-256 encryption at rest · Built by a CISSP-certified professional


Ready to simplify compliance?

Join the waitlist and be the first to get access. First 50 customers get all Enterprise features at €49/mo.

