FORTISEU
Core Platform

Compliance Automation

Map once. Comply everywhere.

Map controls across 84+ frameworks including NIS2, DORA, GDPR, ISO 27001, and SOC 2. Automated gap analysis identifies missing controls, evidence drift detection alerts when evidence expires, and PDF-ready audit packs export in one click.

Key Capabilities

What you get

Cross-Framework Control Mapping

Map a single control implementation to requirements across multiple frameworks simultaneously. When you implement an access control policy, FortisEU automatically maps it to NIS2 Article 21(2)(i), DORA Article 9(4)(c), ISO 27001 A.9, and GDPR Article 32 — eliminating redundant compliance work.

Automated Gap Analysis

Continuous scanning of your control environment against selected framework requirements reveals exactly which controls are missing, partially implemented, or fully satisfied. Gap reports prioritise remediation by regulatory deadline and risk severity.

Evidence Drift Detection

Monitors the freshness and validity of collected evidence against configurable thresholds. When a penetration test report approaches its 12-month expiry or a policy document has not been reviewed in its cycle window, FortisEU alerts the responsible owner before auditors discover the gap.

Audit-Ready PDF Exports

Generate complete audit packs with a single click, bundling control narratives, evidence artefacts, test results, and compliance assertions into structured PDF documents ready for external auditors, regulators, or board review.

Compliance Scoring Dashboard

Real-time compliance posture scoring per framework, broken down by control domain. Track your NIS2 readiness at 73% while your DORA coverage sits at 89%, with drill-down into each gap and its remediation status.

Regulatory Deadline Tracking

Automatically tracks transposition deadlines, enforcement dates, and reporting windows for every applicable regulation. NIS2 transposition milestones, DORA RTS implementation dates, and GDPR DPIA review cycles are surfaced with countdown alerts to responsible stakeholders.

Workflow

How it works

01

Select Frameworks

Choose from 84+ supported frameworks including NIS2, DORA, GDPR, ISO 27001, SOC 2, and EU AI Act. FortisEU loads the complete control catalogue and identifies cross-framework overlaps automatically.

02

Map Controls

Map your existing policies, procedures, and technical controls to framework requirements. The cross-mapping engine ensures each control satisfies multiple framework requirements simultaneously, reducing duplicate effort by up to 70%.

03

Collect Evidence

Attach evidence artefacts to controls manually or via 50+ automated collectors. Each piece of evidence is tagged to the specific requirements it satisfies and scored for freshness and completeness.

04

Monitor Continuously

Compliance posture is recalculated in real time as evidence is collected, controls change, and new regulatory requirements emerge. Drift alerts and gap notifications keep your team ahead of audit cycles.

Use Cases

Built for your team

CISO

Multi-Framework Compliance Strategy

A CISO managing compliance across NIS2, DORA, and ISO 27001 uses the cross-mapping engine to identify that 62% of DORA controls are already satisfied by existing ISO 27001 implementations. This reduces the DORA readiness project scope from 18 months to 7 months, saving significant budget and team capacity.

Compliance Officer

Daily Compliance Operations

The compliance officer starts each day with the drift dashboard showing 3 pieces of evidence approaching expiry and 2 new gaps created by a recently published DORA RTS. They assign remediation tasks directly from the gap analysis, track progress through built-in workflows, and generate a weekly status report for leadership.

Auditor

Audit Evidence Review

An external auditor conducting an ISO 27001 surveillance audit receives a complete audit pack exported as a structured PDF. Every control narrative links to timestamped evidence, review logs, and approval chains, reducing the back-and-forth evidence request cycle from weeks to hours.

Framework Coverage

Supports your compliance stack

NIS2, DORA, GDPR, ISO 27001, SOC 2, EU AI Act

FAQ

Common questions

How many compliance frameworks does FortisEU support?

FortisEU supports 84+ compliance frameworks out of the box, covering EU regulations (NIS2 Directive 2022/2555, DORA Regulation 2022/2554, GDPR Regulation 2016/679, EU AI Act), international standards (ISO 27001, ISO 27701, ISO 22301), and industry frameworks (SOC 2, PCI DSS, NIST CSF). New frameworks are added within 30 days of publication. Custom frameworks can be created for internal policies or industry-specific requirements.

How does cross-framework control mapping work?

The cross-mapping engine maintains a canonical control taxonomy that maps individual control implementations to requirements across every selected framework. When you implement a network segmentation control, FortisEU automatically recognises it satisfies NIS2 Article 21(2)(a) risk management, DORA Article 9(2) ICT security policies, ISO 27001 Annex A.13 communications security, and related requirements in other frameworks. This typically reduces total control implementation effort by 60-70% compared to framework-by-framework compliance.

Can I create custom frameworks or modify existing ones?

Yes. The framework editor lets you create entirely custom frameworks with your own control structure, or clone and modify any built-in framework. This is commonly used for internal security policies, sector-specific requirements (e.g., EBA ICT guidelines for banking), or customer-mandated control sets. Custom frameworks participate fully in cross-mapping, gap analysis, and compliance scoring.

What percentage of compliance work can be automated?

Based on customer deployments, FortisEU automates approximately 65-80% of recurring compliance activities including evidence collection, drift monitoring, gap detection, and report generation. The remaining 20-35% involves human judgement tasks such as risk acceptance decisions, policy authoring, and control design. The automation percentage increases over time as more integrations are connected and the knowledge base grows.

How does FortisEU handle differences between EU and US compliance frameworks?

FortisEU is built EU-first but supports global frameworks. The key architectural difference is that EU regulations (NIS2, DORA, GDPR) are prescriptive and carry direct enforcement penalties, while US frameworks (SOC 2, NIST) are typically voluntary or sector-specific. FortisEU maps these differences in its cross-mapping engine, highlighting where a SOC 2 control satisfies a DORA requirement and where EU regulations impose additional obligations not covered by US frameworks. Data residency requirements under GDPR Chapter V are tracked separately from general security controls.

See Compliance Automation in Action

Create an account and explore the platform, or talk to our team about enterprise deployment.