Skip the spreadsheet. Skip the consultant.

Recurring tasks with named owners, evidence registers, an append-only activity log, and a read-only login your auditor signs into directly. Eleven EU and international frameworks pre-loaded with the actual control text and review cadences. Italian entity, EU hosting. Free for one user. Self-serve up to €299 a month.

Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.

The Dazr Compliance portal with a dashboard, frameworks list, and audit-readiness checklist.

Everything an auditor will ask for.

Auditors do not fail you on policy wording. They fail you because nobody reviewed access in nine months, the breach plan was never tested, and the vendor list still mentions a tool you stopped using last year. That is where the platform helps.

11 frameworks pre-loaded

ISO 27001:2022 (all 93 controls), GDPR, NIS2, NEN 7510, DORA, EU AI Act, ISO 27701, ISO 22301, SOC 2, BIO and PCI DSS. Every control has a description, a recommendation, and a default review cadence.

Someone always owns it

Hand each control to a person on your team with a due date. They get a calm email when it is their turn. Overdue items escalate. Nothing sits in a spreadsheet column called "Q3 review (?)".

Prepare-for-Audit checklist

A live readiness score, computed from your workspace. Every check is a question a real auditor will ask. Inline edit for the documents and dates they request: SoA, ROPA, sub-processors, last management review, last pen test, ASV scan, DPIA template, and many more.

Risk register with heatmap

Score every risk by likelihood and impact, watch the heatmap update, track mitigation plans through to closure. Critical risks roll up to the dashboard so they cannot be ignored.

EU-hosted, encrypted, no telemetry

Italian entity, EU jurisdiction. AES-256-GCM encryption at rest on top of provider-level at-rest encryption. No analytics pixels. No third-party trackers.

REST API and webhooks

Read-only Bearer-authenticated REST over HTTPS with full reference docs. Plug your workspace into your ITSM, SIEM or chat. Webhook deliveries are HMAC-signed. Enterprise plan.


Incident register with the fields auditors actually ask for

Severity, type, detection / containment / resolution timestamps, affected systems, regulator-notification block (Art. 33 / NIS2 24h-72h-1mo / DORA), root cause, mitigation, lessons learned. Full timeline + history per incident.

Anyone in your company can report

A friendly public reporting page for your team. Plain-English questions, screenshot upload, work-email allow-list to keep spam out. Reports land in a queue your security lead approves into the real incident register.

Read-only auditor view

Invite an external auditor for a fixed period. They see tasks, risks, incidents, evidence and full history. They can leave comments. Access expires automatically.

One-click PDF audit trail

Cover, summary, per-framework breakdown, outstanding items, completion log, sign-off page. Branded with your company name on Pro. White-labelled (no Dazr anywhere) on Enterprise.

Bulk import & export

Bring data in from Excel and CSV with column-mapping and example previews; download Excel and CSV snapshots of every register for review or backup. Export on Pro, import on Enterprise.

Activity log auditors trust

Append-only audit trail of every state-changing action: who did what when, including everything support and auditors do. Free and Pro keep a rolling 200-event window; Enterprise is unbounded.

Vendor / sub-processor register

Every third party that touches your data: kind, country, DPA, SOC 2 / ISO links, last review date. The platform itself appears as an auto-managed sub-processor disclosure with a completed self-review, so your auditor sees the full chain on day one.

Asset inventory

Servers, laptops, SaaS apps, repositories, the things in scope for your audit. One canonical list with owner, criticality, classification and location. Required by ISO 27001 A.5.9, NIS2, PCI DSS and SOC 2.

Pricing, in public.

Self-serve up to Enterprise. No quotes, no calls, no procurement runaround. Custom is the only tier that needs a conversation.

Free
€0/mo

Forever, for one user, one framework.

  • 1 framework, 1 user
  • Tasks & incidents, email reminders
  • Role-based access
  • Activity audit log
  • EU-hosted, encrypted
  • 99.9% uptime SLA
  • Knowledge base access
Enterprise
€299/mo

All 11 frameworks, unlimited users. No contract.

  • Everything in Pro, plus:
  • All 11 frameworks, unlimited users
  • Prepare for Audit readiness checklist
  • Vendor & asset registers
  • White-label PDF, custom logo and footer
  • Public reporting portal for staff incident reports
  • Custom review schedules per control
  • Bulk import & export (Excel / CSV)
  • Unlimited activity audit log
  • REST API access
  • Priority email support
  • Named implementation specialist
  • Quarterly business review
Custom
From €800/mo

Multi-entity, regulated industries, on-prem or VPC. Contract-based.

  • Everything in Enterprise, plus:
  • Multi-entity workspaces (one parent, many subsidiaries)
  • Custom integrations built & maintained by our team
  • Custom framework templates (your sector standard)
  • Dedicated customer success manager
  • On-prem or single-tenant VPC deployment
  • Regulated-industry program (NEN 7510, DORA, BIO)
  • Custom SLA & data residency
  • Procurement-friendly contracts
  • White-label option for MSPs and consultancies

Why teams pick Dazr.

Three things EU compliance teams tell us when they switch.

EU-native by default
  • EU-built, EU-hosted, GDPR-native. No transfer impact assessment to negotiate, no standard contractual clauses to sign by default.
  • Italian entity, EU jurisdiction, EU support team. Procurement reviews tend to take weeks instead of months.
  • Eleven EU and international frameworks pre-loaded, including ISO 27001, NIS2, DORA, NEN 7510, BIO and the EU AI Act.
  • Read-only auditor view and white-label audit-trail PDF. The deliverable real auditors accept, on every plan from Pro up.
Built for daily operation, not one-off audits
  • Pre-loaded controls with descriptions, recommendations and review cadences. The work is laid out for you, not a blank page.
  • Append-only activity log for every state-changing action. Auditors can verify what was done and when, not just what is currently written down.
  • Reminders, escalation and recurrence by default. A system of record that keeps itself current.
  • Bulk import and export in Excel and CSV. Bring an existing register in, take a snapshot out for offline review.
Persists between cycles, scales with the team
  • Owned by your team, not a contractor. Tasks land with the people who actually do the work; the platform stays after any external help leaves.
  • Eleven frameworks across one workspace. Add ISO 27001, then GDPR, then DORA without rebuilding the foundation.
  • Custom tier brings a dedicated CSM, regulated-industry program (DORA finance, NEN 7510 hospitals, BIO public sector) and multi-entity workspaces when complexity warrants it.
  • Lower run-rate than periodic engagements, kept up to date by the platform.

Honest answers.

Is the free tier really free?

Yes. One user, one framework, the full workflow and reminders. No card up front, no expiring trial. The PDF audit-trail export starts on Pro.

Where is my data hosted?

Entirely on European infrastructure, under EU jurisdiction. Application data is encrypted at rest with AES-256-GCM. We do not run telemetry or analytics pixels.

Which frameworks are supported?

Eleven, all live: ISO 27001:2022 (all 93 Annex A controls), GDPR / AVG, NIS2, NEN 7510, DORA, EU AI Act, ISO 27701, ISO 22301, SOC 2, BIO and PCI DSS. Every control carries a description, a recommendation, and a default review cadence.

Will my external auditor accept this?

Yes. Every assignment, completion, evidence link and incident is logged with a timestamp and the responsible person. Export the full history as a single PDF and hand it over - or invite the auditor straight into a read-only view of the workspace.

How does the public incident-reporting portal work?

You enable it in the portal and we mint a unique link to share with your team. Anyone in your company can submit a report - friendly questions, screenshot upload, no login required. An email-domain allow-list keeps random submissions out. Reports land in a queue an admin approves into the real incident register, or rejects.

What's in "Prepare for Audit"?

A live readiness score per framework. Each item is a question a real auditor will ask: "Show me the SoA", "Last management review?", "Last ASV scan?", "ROPA URL?". Inline edits save the answers as you go. The Pro tier unlocks it.

How do I get started?

Sign up at compliance.dazr.eu with your work email, pick the framework you care about most, and you are in. Free for one user, one framework. No credit card.

Ready when you are.

Sign-up happens on the portal. No card up front.