Dimension scores are derived from public data and fields and weighted into the composite. For reference only.
Basenorm is an EU-native online ISMS and GRC platform built for European compliance and security teams. It focuses on unified management of frameworks such as ISO 27001, NIS2, DORA, GDPR, SOC 2, and the EU AI Act. Rather than being a traditional checklist-style compliance tool, it is control-centric: its Unified Control Library maps common requirements across different frameworks into a shared system of controls, risks, assets, and evidence.
In terms of protection type, Basenorm is more about compliance governance, audit readiness, and risk control management than direct security defense products such as firewalls or EDR. The platform can automatically flag gaps, assign tasks, link evidence, and use its Governance Graph to manage relationships between risks, controls, assets, and evidence. AskNorman AI can generate or query controls, risks, tasks, and documents using natural language. Automated evidence collection covers core infrastructure and SaaS integrations, while higher-tier plans also support APIs, SIEM/BI exports, SCIM/SSO, and MCP connections to Claude Desktop, ChatGPT, Cursor, or in-house agents.
Basenorm uses annual subscriptions: Foundation is €8,900/year and is suitable for a single primary audit scope; Assurance is €14,900/year and supports up to 3 frameworks and 10 internal users; Regulatory starts from €24,900/year and is designed for multi-entity, multi-framework, and complex audit scenarios. The platform is delivered as an online SaaS product, emphasizing European infrastructure and data hosting, with “GDPR by design” as a key selling point.
Its strengths are deep alignment with European regulatory requirements, including emerging regulations such as NIS2, DORA, and the EU AI Act. Control reuse can reduce duplicated work across frameworks like ISO 27001, NIS2, and GDPR. Pricing is relatively transparent, and the platform provides read-only auditor workspaces and continuous readiness dashboards. Limitations include a relatively high starting price for small teams and annual billing only. AI tokens are subject to usage limits unless you bring your own API key. Public materials do not disclose Basenorm’s own security certifications, nor do they clearly state alerting channels, Chinese-language support, or localization services.
Basenorm is best suited to mid-sized and large organizations operating in Europe and facing ISO 27001, NIS2, DORA, GDPR, or multi-framework audit pressure—especially teams in finance, insurance, healthtech, and SaaS. The available text does not mention access from China, and payment methods are also unspecified. If you need availability from mainland China, invoicing, cross-border data transfer details, or Chinese-language support, you should test network connectivity and review contract terms before purchasing. Alternatives to consider include Vanta, Drata, Secureframe, Sprinto, Hyperproof, as well as local Chinese platforms for MLPS and compliance management.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, basenorm.com.
basenorm.com is a Netherlands Legal & Tax provider. TG4G tracks its product information, an overall rating of 8.0/10, and a China-accessibility score of Workable.