CISO Assistant is an open-source GRC and cybersecurity project management platform from intuitem, positioned as a one-stop tool for Governance, Risk and Compliance. It is not a real-time protection product such as a firewall or EDR; rather, it is a governance platform that helps security teams manage audits, risk assessments, compliance frameworks, remediation plans, third-party risk, BIA, GDPR processing records, and incident evidence.
The product supports both cloud and on-premises deployment, with migration possible between the two. The on-premises version ships as a set of Docker images, making it suitable for organizations with self-hosting capability, sensitive data, or internal-network deployment requirements. Feature-wise, CISO Assistant provides centralized audit evidence, cross-framework control mapping, risk assessments, maturity scoring, Cyber Risk Quantification (CRQ), EBIOS RM, recurring task reminders, incident timelines, and automatic synchronization of control progress. Its framework library appears extensive, but the source text is inconsistent about the count (130+ resources/framework capabilities in one place, 70+ and 153 frameworks elsewhere); coverage is clearly broad, but the exact list should be verified against the vendor's current documentation.
The platform emphasizes an API-first approach and provides a REST API, CLI, Toolbox, open formats, and CSV/Excel import and export, reducing the risk of data lock-in. Remediation tracking can be integrated with Jira and can track ETAs; recurring tasks support assignment to multiple owners and reminders. Release notes also mention a Prometheus metrics endpoint and OIDC support, which makes it easier to fit into existing enterprise monitoring and identity systems. On the AI side, it emphasizes private/local AI, so sensitive risk and remediation data does not leave the organization's boundaries.
The Community Edition is free forever, and the 30-day cloud trial does not require a credit card. Pro is billed by contributor/editor seats, while readers are free up to 100 users. Enterprise quotes are required for larger usage, unlimited seats, custom features, white labeling, or advanced support for critical systems. Standard support covers business hours on weekdays; enterprise-grade SLA terms are not clearly stated in the source text.
Its strengths are that it is open source, self-hostable, broad in GRC coverage, and strong in framework support and automation. It is well suited to CISO teams, compliance and audit teams, consultants, and enterprises with data sovereignty requirements. The downsides are that public pricing is not transparent, the product's own compliance certifications are not disclosed, self-hosting requires Docker and operations capability, and advanced imports, customization, and support depend on paid plans.
The source text does not provide information on access from mainland China, payment methods, or localized services, so this remains unknown. For mainland enterprises considering adoption, it is advisable to first evaluate the self-hosted option, the source code and AGPLv3 obligations, and whether the frameworks cover MLPS, critical information infrastructure protection, and domestic privacy compliance requirements. Alternatives may include domestic GRC/MLPS compliance platforms or continuing to use internal enterprise audit and risk management systems.
This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, intuitem.com.
intuitem.com is a cybersecurity provider based in France. TG4G tracks its product information, assigns it an overall rating of 8.0/10, and rates its accessibility from China as direct-connect friendly.