ISMS Software · OSCAL-native · EU hosting
Preloaded catalogs, cross-framework mapping, audit workflow and an OSCAL-native core. From 599 EUR/month for unlimited frameworks instead of expensive consulting stacks.
7
ISO 27001, NIS2, TISAX, DORA, GDPR ...
847 / 912
92.9% · +14 in the last 7 days
A-
3 open High, 8 Medium
Audit trail · Live
Three things that define ISMS software today
ISO 27001:2022, BSI Grundschutz++, NIS2 practices and VDA ISA 6.0 are already there when you log in. Including categories, maturity levels and automatic mappings.
You document MFA once. Kopexa works out that this covers ISO A.8.5, NIS2 Art. 21(2)(j), TISAX 4.x and DORA Art. 9 all at the same time.
Catalogs in OSCAL JSON instead of 200-page Word documents. BSI Grundschutz++ migration in days instead of months, plus clean audits without copy-paste errors.
Comparison
Four categories, four realities. A factual comparison based on publicly communicated tier characteristics, without vendor names.
| Criterion | Excel / Word | US GRC SaaS | DACH GRC SaaS | Kopexa Prorecommended |
|---|---|---|---|---|
| Transparent pricing on the website | 0 € | on request | from 599 € | |
| Frameworks in the standard tier | all (manual) | 1 | 2-3 | unlimited |
| OSCAL-nativeBSI Grundschutz++ migration without PDF reverse engineering | ||||
| Cross-framework mapping | addon | |||
| EU hosting by default | self-hosted | Paris | ||
| BYOK / on-premise available | On-premise | |||
| Open-source compliance standardKSPEC: compliance checks publicly auditable | ||||
| Tamper-proof audit trail |
Values refer to typical characteristics of each tool category, as of May 2026. Individual vendors may differ.
Workflow
From the first asset to the approved audit. Every step lands in the same audit trail.
Connectors to AWS, Azure, M365, GitHub, HR. Auto-discovery classifies assets by protection needs.
Risk matrix with a threat library. Risk owners assigned, treatment documented.
Preloaded catalogs for ISO 27001, NIS2, TISAX, BSI Grundschutz++. Cross-mapping calculates automatically.
Evidence from tickets, logs, screenshots, policies. Linked to controls, tamper-proof.
Read-only audit access or a signed PDF package. Surveillance audits in days instead of weeks.
Framework universe
The Pro plan covers everything. No lock-in to a single standard, no add-on for the next regulation.
ISO 27001
93 Annex A controls
NIS2
Art. 21 + § 30 BSIG
TISAX 6.0
VDA ISA chapters 1-9
DORA
Art. 5-30 ICT risk
GDPR
Art. 5-99 + BDSG
BSI Grundschutz++
OSCAL profile 2026
ISO 9001
QMS Annex SL
SOC 2
Trust Services Criteria
VdS 10000
Cyber for SMEs
ISO 27701
Privacy extension
Pricing
No hidden per-framework surcharges. No "demo required to see pricing" hurdle.
For mid-market and SaaS teams that need a full ISMS without re-licensing for every framework.
For corporations, regulated industries and multi-entity setups. Self-hosting, a custom SLA and multi-entity included.
Lite plan from 249 EUR/month for single-framework teams. See all plans in the pricing comparison.
FAQ
What data protection, IT and compliance leads most often clarify before selecting an ISMS platform.
Two paths. Both lead to the same tool. You choose how much onboarding you want.
Set up your workspace, try the Pro plan, import the ISO 27001 catalog, run your first risk assessment. No credit card lock-in.
We show you cross-framework mapping, a connector demo and talk through your migration from Excel or an existing GRC tool. No sales-pressure tour.