TameTrust Security Operating System
ISO 27001, NIS2 and CyFun Operating System

Operationalize risk, security governance with agentic compliance workflows

TameTrust turns ISO 27001, NIS2, GDPR, Recyf, CyFun or any other obligations into role-based workspaces, evidence packs, risk dashboards and sequenced agent reviews.

View Product Tour
29
CyFun Essential Key Measures
29
Specialized Compliance Agents
32 weeks
NIS2/ISMS Roadmap Model
TameTrust CISO dashboard
Live governance consoleRisk exposure, ISO performance, open actions and auditor evidence stay visible in one operating view.
3.6/5ISO radar example
8High risks surfaced
239NIST items implemented

Grounded in the local compliance corpus

Content is based on the CyFun 2025 Essential material, the Belgian energy ISMS/NIS2 roadmap, and the local agent roster.

3.5/5
Target total CyFun Essential maturity threshold.
up to 219
Key Measures across Govern, Identify, Protect, Detect and Respond.
8
Roadmap phases from self-assessment through validation.
240+
Current MCP registry tools referenced by the agent-team notes.
Assess current postureMap ISO, NIS2, GDPR and CyFunGenerate policies and SoACoordinate agent reviewsPackage evidenceRun audit readinessImprove continuously
Assess current postureMap ISO, NIS2, GDPR and CyFunGenerate policies and SoACoordinate agent reviewsPackage evidenceRun audit readinessImprove continuously

Comprehensive Compliance Platform

Everything needed to turn certification work into managed operations

ISO 27001 Assessment

PDCA modules guide clause work, evidence collection and maturity tracking from Plan through Act.

Risk Management

Risk heatmaps and radar views connect EBIOS outputs to treatment ownership and open actions.

Policy Generation

Policy, SoA and due diligence packs are prepared as reviewable artifacts, not loose documents.

Supplier Risk

Manage A.5.21-22 supplier relationships, contracts and questionnaires with full traceability.

Incident Management

Handle A.5.24, A.8.15 and NIS2 reporting timelines with structured response workflows.

Training & Awareness

Track A.7.2-7.3 competence, awareness and campaign evidence alongside audit readiness.

Customer journey

One path from first assessment to continual improvement

The flow is a guided story: start with the current state, make work visible, route it through specialists, then leave the auditor with traceable evidence.

From baseline to improvement in five steps.

1

Baseline

Run onboarding, CyFun self-assessment and ISO scope work to identify maturity gaps.

Plan phase control modules
2

Operationalize

Move work into PDCA modules for policies, access, assets, monitoring and suppliers.

Do phase implementation modules
3

Coordinate

Use the orchestrator and specialist agents to review, challenge and assign actions.

Agent team orchestration
4

Prove

Package due diligence evidence, radars, policies and questionnaires for stakeholders.

Due diligence evidence pack
5

Improve

Close findings, review risk exposure and feed improvement actions into management review.

Act phase improvement modules
Product tour

From PDCA execution to audit evidence

The product screenshots show the operating model: role dashboards, phase workspaces, risk exposure, due diligence packs and auditor evidence views.

Module 44 due diligence
Assurance packs

Package customer trust evidence without losing source traceability

Module 44 consolidates supplier documents, policies, contracts, questionnaire items, ISO radar views and NIST CSF signals into a customer due diligence workspace.

PDCA wizard Plan phase

PDCA module cockpit

Plan, Do, Check and Act phases expose concrete module work instead of abstract maturity claims.

Risk exposure heatmap

Risk pressure visible

Heatmaps make concentration and severity easy to scan before remediation or management review.

Auditor evidence dashboard

Auditor-ready evidence

Evidence packs, findings to close, action queues and high risks are visible in the auditor workspace.

Agent team

Specialist agents coordinate the compliance operating model

TameTrust can be paired with a local Claude agent team that works directly in your environment. Through MCP, those agents connect securely to TameTrust, combining local execution with governed compliance workflows in a way that gives your team a distinctive operating advantage.

Agent team orchestration
OrchestratorRuns gates such as pre-commit, pre-PR, health-check and audit-readiness./orchestrate audit-readiness
Auditor and evidenceValidate clauses, challenge SoA decisions and assemble audit-ready evidence packages./evidence gaps
DPO and regulatorCover GDPR/RGPD workflows and adversarial enforcement inspection from APD, CCB and DORA angles./regulator inspect nis2
GRC and dashboardTranslate ISO 27001, NIS2 and CyFun work into executive posture, actions and management review./dashboard executive

Turn governance into a system

Operationalize PDCA, maintain continuous audit readiness, and automate due diligence with a strategic licensing structure.

CORE

Operationalize PDCA

Foundational PDCA operations adapted to SMEs, consultants and auditors.

190
per month
  • OSINT exposure discovery (Module 0)
  • Risk register + risk-control mapping
  • Evidence tracking
  • PDCA orchestration basics
  • 1 organization, 2 users, standard exports
  • AI guardrails: redaction controls, prompt visibility, audit traceability

GOVERNANCE

Continuous audit readiness

Continuous policy and obligations governance adapted to SMEs, consultants and auditors.

390
per month
  • Everything in CORE
  • Automated policy review
  • Gap detection vs ISO 27001 / contractual / regulatory
  • AI proposals for policy modifications
  • Documentation coverage score
  • 3 users + executive readiness dashboard
  • AI guardrails: redaction controls, prompt visibility, audit traceability
Recommended

ASSURANCE

Automate vendor and customer due diligence

Customer and supplier due diligence automation adapted to SMEs, consultants and auditors.

790
per month
  • Everything in GOVERNANCE
  • Customer workspace + contract risk scoring
  • Automated questionnaire drafts + evidence mapping
  • Configurable publication pack + shareable generation
  • 3 organizations included, 8 users
  • Multi-client reporting exports
  • AI guardrails: redaction controls, prompt visibility, audit traceability

Enterprise / MSSP

Turn governance into a system

TameTrust as security governance infrastructure.

2500
per month
  • Unlimited organizations and users
  • Private AI / Private RAG isolated
  • Shareable TrustCenter
  • Full API
  • VPS / On-prem
  • 24/7 SLA + explainable AI audit logs
  • Advanced multi-framework mapping
  • AI guardrails: redaction controls, prompt visibility, audit traceability
Talk to sales

Need a custom plan? Contact us

Trusted by Compliance Leaders

See how organizations achieved ISO 27001 certification with TameTrust

TameTrust helped us achieve ISO 27001 certification in just 85 days. The AI-powered assessment wizard made complex compliance requirements easy to understand.

Confidential
CISO at Confidential

The risk register and policy generator saved us hundreds of hours. Supplier risk management gave us complete visibility into our third-party risks.

Confidential
Compliance Manager at Confidential

Audit preparation was seamless. The documentation and evidence packages made our Stage 2 audit straightforward. Highly recommended for any organization pursuing ISO 27001.

Confidential
IT Director at Confidential

Some customers

Confidential
Confidential
Confidential
Confidential

Ready to transform your compliance approach?

Join security professionals who already simplified their certification process