Kardu

A GRC system designed for European companies.

Kardu manages ISO 27001, NIS2, ENS and DORA in one system without duplicating work, without losing control.

Everything you need in one system

Eight integrated modules covering the complete compliance cycle.

Controls Management

ISO 27001, NIS2, ENS and DORA automatically mapped and cross-referenced. A control that covers NIS2 also covers ISO 27001 with no extra work.

  • 93 ISO 27001 controls
  • 21 NIS2 measures
  • 75 ENS measures
  • DORA ICT risk management

Linked Evidence

Every control has its evidence attached with cryptographic timestamping. Automatic expiries and full lifecycle traceability.

  • Manual document upload
  • Cryptographic timestamping
  • Alerts 30 days before expiry
  • Immutable change history

Public Trust Center

Public page of your security posture at trust.kardu.eu/your-company. Share with clients, partners and auditors with a single link.

  • Configurable public URL
  • Visible Compliance Score
  • Auditor access with signed URL
  • Embeddable Trust Badge

Automations

No-code workflows based on events in your compliance program. Automatic alerts, assignments and reminders.

  • Evidence reminders
  • Automatic task assignment
  • Email notifications
  • Webhooks for integrations

Team Management

Integrated RACI matrix. Assign owners by control and framework. Team training and awareness included.

  • Roles by framework
  • Visual RACI matrix
  • Awareness courses
  • Progress per person

Security and Privacy

Data hosted in the EU. Multi-tenant with full isolation per organization. RLS enabled on all tables.

  • Data in Frankfurt EU
  • MFA enabled
  • RLS per organization
  • No CLOUD Act exposure

Reporting and Audit

Audit-ready reports with one click. PDF export with integrity hash. Immutable audit log of all actions.

  • PDF export with integrity hash
  • Audit log CSV export
  • Change history per control
  • Auditor mode without Kardu account

Compliance Score

Objective progress metric combining control completeness, evidence quality and task speed. In real time.

  • Real-time 0-100 score
  • Weekly trend with reason
  • Breakdown by category
  • Evolution history
Design principles

The decisions that make us different.

We build Kardu following the Security by Design principles defined by ENISA. This is not marketing — it is architecture.

1. Security by design

Every architecture decision prioritises security from the start. It is not an additional layer — it is the foundation everything is built on.

2. Proof before process

Controls are not marked complete with just a checkbox. They require at least one linked piece of evidence.

3. Auditability at every level

Every action with consequences on compliance status generates an immutable record. The system cannot forget.

4. Designed for EU sovereignty

The architecture allows migration to fully sovereign EU infrastructure without rewriting the product.