
Compliance Services: ISO 27001, NIS2, DORA & GDPR

Being compliant on audit day is the minimum. True compliance means your organisation understands the rules, follows them, and can demonstrate this every day. We support you systematically with NIS2 (Dutch Cybersecurity Act), DORA, GDPR and the EU AI Act. Not an annual snapshot, but continuous oversight so you remain audit-ready at all times.
Choose the service that suits your needs
01. NIS2 — Ongoing Compliance

Continuous NIS2 compliance: 10 core measures, breach notification, record-keeping and management responsibility.

Tags: NIS2 · Breach Reporting · Governance
02. DORA — Ongoing Compliance

For financial entities: ICT risk management, incident reporting, resilience testing and third-party management.

Tags: DORA · TLPT · 3rd Party
03. GDPR — Continuous

Continuous GDPR compliance: Records of Processing Activities maintenance, DPIA, breach monitoring and regular audits.

Tags: GDPR · ROPA · Audits
04. EU AI Act Compliance

Continuous EU AI Act compliance: classification, conformity, documentation and post-market monitoring.

Tags: AI Act · Conform · PMS
05. ISO 27001 — Ongoing

Maintenance of your ISMS: internal audits, management reviews, surveillance audits and continual improvement.

Tags: ISMS · Audits · PDCA
06. ISO 27701 — Continuous

Maintenance of your PIMS: privacy reviews, control monitoring and surveillance audits for ISO 27701.

Tags: PIMS · Privacy · Audits
07. ISO 42001 — Continuous

Maintenance of your AIMS: AI risk reviews, model monitoring and surveillance audits for ISO 42001.

Tags: AIMS · AI · Audits
08. NEN 7510 — Continuous

Maintenance of your NEN 7510 ISMS: healthcare audits, incident reviews and monitoring per Wabvpz.

Tags: Healthcare · LSP · Wabvpz
Always compliant — even after your certification? Discover how we systematically support your organisation with continuous compliance for all relevant standards and regulations.

Compliance-as-a-Service: continuously compliant instead of annually panicked

Compliance is not a project that ends with a certificate. NIS2, DORA, GDPR and the EU AI Act require continuous attention: risks change, legislation evolves, suppliers change. We see the same pattern at many organisations — a few months before an audit or client request, stress erupts, external consultants are brought in, documents are quickly updated. Then it fades away until the next trigger. We offer an alternative: Compliance-as-a-Service, where we manage the continuous rhythm of your compliance programme, so you always demonstrably comply without peak pressure.

Our service combines our on-premise GRC platform with monthly consultancy support. The platform holds your policies, your risk register, your controls mapping across NIS2 / DORA / GDPR / ISO 27001 / ISO 42001, your audit findings and your action plan. Our consultants work each month a fixed number of hours with your compliance officer: updating risk analysis, implementing policy changes, conducting supplier assessments, handling data breaches and guiding internal audits. You receive quarterly reports for management and oversight, so you are demonstrably in control.

This form of collaboration suits organisations that do not want to, or cannot, build their own compliance department but must nevertheless comply seriously. Our clients range from fast-growing start-ups undertaking their first combined GDPR / ISO 27001 engagement, to established mid-market organisations that must implement NIS2 and DORA simultaneously. We scale flexibly with you — more hours during an audit, fewer in quiet periods — and lock in governance so you are not dependent on individual consultants. You can exit at any time; if you continue, the knowledge simply continues to build.

Frequently asked questions about Compliance-as-a-Service

What exactly is included in Compliance-as-a-Service?
Standard: maintenance of your risk register and controls matrix, updating policy documents, quarterly compliance reviews, support for internal and external audits, data breach handling and supplier assessments. Expansions possible with: external DPO function, external Security Officer (vCISO), training and awareness programmes, and guidance on client compliance questions. We tailor the exact scope to your risk profile and maturity.
Which frameworks do you support in the platform?
ISO 27001, ISO 27701, ISO 42001, NIS2 / Dutch Cybersecurity Act, DORA, GDPR and NEN 7510 are natively mapped. Controls are cross-linked — when you implement a control for ISO 27001, you directly see which NIS2 and DORA obligations you cover with it. This saves double work and makes multi-framework compliance manageable.
How much does Compliance-as-a-Service cost?
Monthly costs depend on organisation size, number of frameworks and desired hour bandwidth. For an SME+ organisation with one or two frameworks, the monthly fee starts at approximately €2,500 per month (excluding one-time implementation). For organisations with multiple frameworks or a vCISO role, it can reach €7,500+ per month. We work with a clear scope and monthly hour reporting — no surprises.
