Your cyber maturity, assessed once, projected everywhere. Built on NIST CSF 2.0.
Assess your security and compliance posture on NIST CSF 2.0, generate your policies, ISO 27001 SoA, GDPR register, incident response pack and prioritised action plan — self-service, at your pace, without a firm.
23 questions · ~5 min · No credit card · Data hosted in the EU

The reality
Obligations pile up. Your team doesn't.
GDPR, security questionnaires from your enterprise customers, NIS2 widening its scope, the AI Act… Obligations pile up, but a defensible view, up-to-date policies and a clear roadmap are hard to produce alone. The result: you improvise, you fall behind, and you lose deals for want of the right deliverables.
No dedicated CISO
Without a dedicated role, compliance falls back on the founder or the tech team — and no one has time to do everything, or to keep up with shifting standards.
Deals that stall
Your enterprise prospects require security policies, DPAs and completed questionnaires. Without them, the sale stops.
Rules that keep shifting
The regulatory landscape never stops moving. Keeping up alone, with no tooling, is unmanageable and risky.
How it works
A clear framework, in three steps.
From diagnostic to continuous oversight, self-service: a single tool, a single method, your deliverables at hand.
Diagnostic
Answer 23 questions about your security and GDPR posture. You get a teaser score by NIST CSF 2.0 function and your GDPR status — free, in 5 minutes.
Full assessment
Complete the assessment (106 CSF 2.0 points + GDPR + ISO 27001 / SOC 2 if targeted). Activate the certification frameworks — your answers are projected automatically, no question is ever asked twice.
Deliverables & follow-up
Generate your documents (security policy, ISO SoA, Art. 30 register, incident response pack, CSF organisational profile) in .docx, and prioritise your remaining actions. Resume anytime: your score tracks your progress over time.
NIS2 · Loi résilience (French transposition of NIS2)
Are you ready for NIS2?
NIS2 widens its scope to thousands of EU SMEs and scale-ups, with management accountability and incident-notification duties (early warning within 24 hours, incident notification within 72 hours). Measure your readiness in 5 minutes — built on the same NIST CSF 2.0 backbone we project onto NIS2.
- Management accountability and security governance
- Risk-management measures (NIS2 Art. 21)
- Incident notification to the authority: 24h early warning, 72h incident notification
- Supply-chain and supplier security
One plan, two cadences
The Komplyo plan.
The full product, one price: full assessment, ISO 27001 / SOC 2 projections, policy generation, SoA, GDPR register, incident response pack, prioritised roadmap and time-series follow-up.
The Komplyo plan
The full assessment, defensible documents and follow-up — without a firm.
€99 excl. VAT / month or €999 excl. VAT / year — 2 months free
- Free diagnostic: 23 questions, 5 min, no commitment
- Full assessment: 106 NIST CSF 2.0 points + GDPR
- ISO 27001 and SOC 2 projections if targeted — no question is asked twice
- Global security policy (.docx), ready to defend
- ISO 27001 Statement of Applicability (SoA)
- GDPR Art. 30 records of processing
- Incident response pack (CNIL / NIS2)
- CSF 2.0 organisational profile (current vs target)
- Prioritised roadmap + 16 risk scenarios
- Time-series score follow-up (maintenance)
- Document updates on every framework version change
- Data hosted in the EU (Neon, Frankfurt)
VAT applies per country of residence. Secure payment via Stripe (coming soon). Monthly: no commitment, cancel anytime. Annual: pre-paid, 2 months free.
Get started now
A ready-to-use security policy, on us.
A generic template, structured around the baseline expectations of a customer or an auditor, that you can use right away as a foundation.
But a generic template only protects you halfway. The real value is adapting it to your actual risks: your diagnostic identifies your gaps, the assessment refines them, and the generated policies reuse your scores. The template is the starting point — Komplyo structures the rest.
Security policy template
.docx format · Delivered by email
Why Komplyo
Recognised frameworks, defensible deliverables.
Assess once, project everywhere
Your NIST CSF 2.0 answers are projected automatically onto ISO 27001, SOC 2 and GDPR Article 32 through an official mapping table. No question is asked twice — framework version pinned per assessment.
Pragmatic, SME-sized
We aim at what truly matters for your risk and your sales — not a mountain of documents no one reads.
Auditor-ready deliverables
Security policy, ISO 27001 SoA, GDPR Art. 30 register, incident response pack, CSF organisational profile — every document is generated from your assessment, in .docx, with pinned version and timestamp.
- Built on NIST CSF 2.0
- ISO 27001 · SOC 2 · GDPR projections
- Data hosted in the EU (Neon, Frankfurt)
- Framework version pinned per assessment
Frequently asked
What we get asked most.
How does the free diagnostic work?
23 questions, ~5 minutes, no commitment. You get a teaser score by NIST CSF 2.0 function and your GDPR status. Your answers are kept for 7 days: by creating an account, they carry over to the full assessment.
Do I need an account to start?
No: the diagnostic is open. A free account unlocks the dashboard, the full assessment and document generation. No payment is required to begin; paid plans will arrive with the next product step.
Do my diagnostic answers carry over to the full assessment?
Yes — the 23 diagnostic questions are a subset of the full assessment. By creating an account, your answers carry over automatically, and only the remaining questions appear (43 on the best-practices path, or the full set on the certification path).
Is my data kept in Europe?
Yes. The database is hosted on Neon in Frankfurt (Germany), the application on Netlify, and transactional emails go through Resend. No data leaves the EU; your framework version is pinned per assessment for reproducibility.