GRC · ISO 27001 · NIS2 · 9001 · GDPR · TISAX · DORA

Compliance is not a folder. It is infrastructure.

One system for every framework you run. ISO 27001, NIS2, GDPR, 9001 and more share one backbone instead of living in silos. Save up to 60 percent of the effort to certification.

  • From EUR 249 / month
  • Hosted in Europe
  • Open data · CC-BY-4.0
OSCAL-native
Ready for BSI C5 2026, NIS2, DORA, whatever comes next.
Agentic AI
Native AI. Not a bolted-on chatbot.
EU-sovereign
Hosted in Paris. No US cloud.
KSPEC
Open-source standard for compliance checks.

The platform

One system. For everything you manage.

Four modules, one data layer. Risk, security, quality, and documents share the same assets, policies, and evidence. No duplicate maintenance. No tool sprawl. No SharePoint as your management system.

ISMS

Framework today, audit tomorrow.

"Show the auditor the truth. With one click."

How it works

  • OSCAL builder · every framework, every version
  • Controls + Measures · dual model for any standard
  • Live gap analysis · status now, not in the quarterly
ERM

Turn risks into opportunities.

"Not where it's burning. Whether you have it handled."
CEO

How it works

  • Live matrix · instead of quarterly Excel
  • Cross-mapping · risk ↔ control ↔ policy
  • AI treatments · upside, not just damage control
QMS

Quality Management

ISO 9001 processes, document control, internal audits, CIP workflow. One tool, many management systems.

DMS

Document Management

Policies and evidence versioned, approved, and acknowledged. No SharePoint chaos, no 'which version is current?'.

Why Kopexa

SharePoint can do a lot. Being a management system isn't one of those things.

Policies in versions. Risks across Excel tabs. Evidence in the inbox. Works fine. Until the first auditor asks how it connects.

Excel · SharePoint · email: Chaos

73 files. Nobody knows which is current.

Kopexa: Live

Cross-mapping across all modules

Risk, control, policy, evidence, asset, and vendor in one data layer. The auditor clicks through, instead of searching.

The flow

How your GRC works with Kopexa

01

Connect

Connect integrations, discover assets, assess your current state.

app.kopexa.com/dashboard

  • Assets: 127 (+12)
  • Integrations: 5 active
  • Coverage: 78% (+8%)

Connected integrations

  • AWS: 47 assets
  • Microsoft 365: 23 assets
  • GitHub: 12 repos

02

Automate

"2 new sales hires, what are the risks?" The AI works with you to develop risk scenarios, creates them, and documents everything automatically.

app.kopexa.com/risks

Kopexa AI: 3 risk scenarios identified:

  • Customer data access without NDA
  • Missing security awareness training
  • BYOD policy not signed

03

Certify

Invite your auditor, share evidence, pass your audit.

app.kopexa.com/frameworks/iso-27001

ISO 27001:2022 · 93 controls, Annex A · Audit-ready

Total progress: 87%

  • A.5 Organizational controls: 100%
  • A.6 People controls: 92%
  • A.7 Physical controls: 85%
  • A.8 Technological controls: 78%

Evidence: 142 accepted, 8 pending

Regulatory

Kopexa knows your deadlines.

DORA, NIS2, GDPR. Each regulation has its own reporting window. Kopexa tracks them from detection, escalates on breach, and pre-fills the templates.

  • DORA · 4h · Trigger: Major incident initial report · Authority: BaFin
  • NIS2 · 24h · Trigger: Early warning on security incident · Authority: BSI
  • GDPR · 72h · Trigger: Data breach to supervisory authority · Authority: DPA

Plus pre-filled reporting templates for Art. 33 GDPR, NIS2 early warnings, and DORA initial reports. Exportable as PDF.

Open source

Compliance as Code

KSPEC: Open standard to scan your infrastructure against compliance policies. Transparent, auditable, community-driven.

The ecosystem

More frameworks. More tools. Zero friction.

Cloud providers, dev tools, business apps. Ready-made frameworks. And an OSCAL builder for everything else that shows up.

Frameworks & catalogs

ISO 27001 · ISO 9001 · NIS2 · GDPR · TISAX · DORA · SOC 2 · NIST CSF · + your own

Integrations

Atlassian · AWS · Microsoft Azure · Cloudflare · Factorial · GitHub · Hetzner · Microsoft 365 · OVHcloud · More coming

Framework universe

Every framework. One system.

ISO 27001, NIS2, DORA or your own framework. All share one backbone. Clause mappings, cross-framework evidence and HLS overlap calculated live.

Pricing

Fair pricing. No games.

From EUR 249/month
14-day free trial
No credit card required
Transparent pricing

Ready for compliance without headaches?

Try Kopexa free for 14 days. No credit card required.