Now in Norrsent: Copilot. It drafts. Your team decides.

Norrsent · the GRC platform

GRC software that holds up at audit.

Risk, compliance, and governance run on one data model. Every write gets signed and attributed when it happens, so working with the audit firm doesn’t turn into a three-week scramble.

Bow-tie · ISO 31000 · live view. Risk event: Permit delayed (Critical · 6–12 months · RISK-0042)

  • Threats: THR-01 Authority backlog; THR-02 EIA findings dispute; THR-03 Public objection
  • Preventive controls: CTL-P1 Pre-app engagement; CTL-P2 Independent EIA; CTL-P3 Stakeholder map
  • Mitigating controls: CTL-M1 EIA fast-track; CTL-M2 Schedule reflow; CTL-M3 CAPEX contingency
  • Consequences: IMP-01 CAPEX carry €5M+; IMP-02 Schedule slip; IMP-03 Innovation fund lost

Risk Management

Replace the risk spreadsheet.

The ISO 31000 lifecycle in one register: identification, scoring, mitigation, controls. Plus an audit trail your auditor can actually use.

Threat Management

Threat data, kept current for you.

3,000+ canonical threats across sectors and geographies. You link them to your risks once. After that, updates propagate without you doing the work again.

Controls Management

Controls you can actually test.

Build the control library once and apply it to risks, obligations, or policies. Test scheduling and evidence capture come with it.

Incident Reporting

Incidents that feed the register.

Capture incidents in the platform, not in email. Escalation routes by severity. Each incident links to a risk so the register learns from it.

CSRD

Built for cycle two.

Double materiality, ESRS data lineage, and evidence packs your assurance provider can read directly. Built so cycle two reuses cycle one rather than starting over.

Policy Management

Policies that don't sit in PDFs.

Author and version policies in the platform. Distribute them, track who attested, and link each policy to the controls it actually governs.

Third-party Risk

Vendor risk you can keep up with.

Run due diligence assessments. Tier vendors by exposure. Each profile links back to the contract that scopes the relationship.

Audit Management

Internal audit lives in the platform.

Plan internal audits, capture findings, track remediation. The evidence trail is signed and ready when the regulator or external audit firm asks.

Norrsent Copilot · Responsible AI

Copilot drafts. Your team decides.

Copilot proposes risks, controls, mitigations, and reports. It does not write to the register, sign disclosures, or make risk-acceptance calls. Those still belong to whoever owns them today.

  • Surfaces threats relevant to your sector and geography
  • Suggests control fit and ranks by effort
  • Drafts mitigation options with effectiveness scoring
  • Audits the existing register for gaps and stale entries
  • Drafts reports for your team to review and sign
How Copilot works, including what it won’t do →

How every Copilot output reaches the register

  • Step 01 · Copilot · Suggests: 12 risks proposed, 3 control gaps, 1 stale assessment
  • Step 02 · Human · Decides: Review, adjust, approve or reject. Every output, every time.
  • Step 03 · Register · Signed: Approved entries write with the human approver attributed and signed.

No autonomous writes. No GDPR Article 22 decisions. Reasoning is inspectable.

Cloud infrastructure & platform security

Built so your security team can sign off without escalation.

EU-hosted on AWS. Zero-trust between services, AES-256 at rest, TLS 1.3 in transit. ISO 27001 and SOC 2 Type II aligned. We’ve already written the answers to the questions your security team will ask.

Read the full security architecture →

  • Uptime SLA: 99.99%
  • Data residency: EU
  • ISO 27001: Aligned
  • Schrems II: Compliant

Start with Norrsent

A walkthrough on your data, not a stock demo.