One platform. Six frameworks. Complete coverage for DORA, ISO 27001, NIS2, GDPR, CSSF 22/806, and CRA — with pre-mapped controls, assisted document drafting, and continuous readiness monitoring.
See how teams move from manual tracking to evidence-backed DORA operations.
| Without OneComply | With OneComply |
|---|---|
| Weeks mapping controls to regulation manually | Pre-mapped controls across 6 frameworks — instant |
| Spreadsheet chaos tracking vendor risk | One-click CSV import with 6-factor auto-scoring |
| Days writing compliance policies from scratch | AI generates regulation-aligned policies in minutes |
| Scrambling to compile NCA incident reports | Automated incident reports with timeline tracking |
| Months preparing for certification audits | Real-time gap analysis with evidence collection |
| No visibility into overall compliance posture | Live compliance score across every framework |
A DORA-first workflow with mapped evidence reuse across ISO 27001, NIS2, GDPR, CSSF 22/806, and CRA.
5 minutes to get started
Create your entity profile, select which regulatory frameworks apply, and configure your compliance scope. The proportionality engine automatically tailors requirements to your organization size and sector.
Select Your Configuration
DORA: Digital Operational Resilience Act
ISO 27001: Information Security Management
NIS2: Network & Information Security
211 controls applicable based on your profile
Automated risk scoring across all dimensions
Import vendors, assess risks, and auto-score across multiple dimensions. Whether it's ICT third-party risk for DORA, information security risks for ISO 27001, or supply chain risks for NIS2 — one engine handles it all.
| Vendor | Service | Criticality | Risk Score |
|---|---|---|---|
| AWS | Cloud Infrastructure | CRITICAL | 92 |
| Salesforce | CRM Platform | IMPORTANT | 78 |
| Bloomberg | Market Data | IMPORTANT | 71 |
| Slack | Communication | STANDARD | 45 |
Pre-mapped controls across all frameworks
368+ controls pre-mapped and ready to track across DORA, ISO 27001, NIS2, GDPR, CSSF 22/806, and CRA. The real-time gap analysis dashboard shows exactly where you stand and what needs attention — with cross-framework mapping so effort on one contributes to others.
Overall Compliance
71%
81 of 118 controls implemented
Assisted document drafting
Generate framework-specific policies, questionnaires, and due diligence documents with AI. Templates are pre-aligned to DORA articles, ISO 27001 clauses, and NIS2 requirements — saving weeks of legal review.
ICT Risk Management Policy (DORA)
Information Security Policy (ISO 27001)
Incident Response Plan (NIS2)
ICT Outsourcing Policy (DORA)
Timeline tracking with submission evidence
Track incidents from detection to resolution with automated timeline management. Prepare NCA report drafts for DORA, track NIS2 early-warning deadlines, and maintain incident logs for ISO 27001 conformity.
2 Open · 1 Investigating · 3 Mitigated · 12 Resolved
Payment gateway timeout: Major · NCA report due in 22h
Cloud storage degradation: Minor · CSIRT assessment in progress
One-click regulatory reports
Prepare DORA Register of Information source data and EBA-format ZIP packages, ISO 27001 Statement of Applicability, NIS2 board reports, and more. Authority acceptance is recorded only from external receipt evidence.
Entity maintaining the register (XBRL-CSV)
Contractual arrangements (XBRL-CSV)
Statement of Applicability (Excel)
NIS2 Board Report
DORA-ready workflow with mapped evidence reuse
Most teams spend months getting started with compliance. With OneComply, you go from account creation to your first DORA-oriented readiness score in under 20 minutes, with mapped evidence visibility across the selected frameworks.
20 minutes to start · 368+ controls mapped · 6 frameworks
Create account & select frameworks
Import vendors via CSV
Review auto-generated risk scores
Explore pre-mapped controls & gaps
Generate your first policy with AI
Send vendor questionnaire
Export compliance report
First compliance score ready
Enterprise-grade security and compliance infrastructure trusted by financial institutions across Europe.
Encryption at rest and in transit, RBAC with 9 roles, MFA enforcement, comprehensive CSP headers and CORS policies.
Every organization's data is strictly isolated with row-level security and scoped API access.
Primary application data is hosted in EU data centers with DPA-backed processing and documented sub-processors.
Every action is logged with append-only audit records. Full diff tracking for regulatory evidence.
9 roles, 14 entity types, 9 actions. Granular permissions with organization-scoped access.
Automatically adjusts requirements based on your entity size, sector, and risk profile.
OneComply is DORA-first and includes mapped libraries for ISO 27001:2022, NIS2, GDPR, CSSF 22/806, and CRA. DORA/CSSF are workflow anchors; the others are evidence reuse and readiness layers with explicit coverage labels.
Most teams go from account creation to their first compliance score in under 20 minutes. Vendor import via CSV takes seconds, and controls are pre-mapped — so there's no manual setup required.
Yes. OneComply supports multi-framework evidence reuse from a single dashboard. Cross-framework mappings show where a control or evidence item supports another framework; they do not replace legal or auditor review.
No. OneComply is designed for compliance officers, risk managers, and legal teams — not developers. Guided workflows and optional AI assistance help reduce manual drafting and review work.
When enabled, AI assistance drafts policy and questionnaire content from your organization profile, selected frameworks, and industry sector. Human review and approval remain required before anything becomes official.
OneComply uses EU data residency, multi-tenant isolation, immutable audit trails, role-based access control, and encryption at rest and in transit. Details are published in the Trust Center.
Yes. External auditors get a time-boxed, signed-link invite with one of three access tiers — read-only, comment, or full — scoped per framework. They don't need an account, every action they take is recorded in the audit trail, and you can revoke access in one click.
OneComply monitors regulatory changes and updates control mappings automatically. You receive alerts when new requirements affect your compliance posture.
Join regulated institutions across Europe that trust OneComply to manage DORA, ISO 27001, NIS2, GDPR, and CSSF 22/806 compliance continuously.
14-day free trial · No credit card required · 20-minute setup