[mlitwiniuk]

Speaking of missing categories — there's no "Compliance Tools" or "GRC" category yet. I'm building humadroid.io (SOC 2 / ISO 27001 compliance platform, based in Poland) and as far as I can tell, there aren't many European alternatives in this space. Most of the established players (Vanta, Drata, Secureframe) are US-based. Would be great to see this category added.

[evaneykelen]

Interesting, do you also provide the actual audit for ISO 27001 as part of your service? That’s why I went with Oneleet, but a EU-based solution would be attractive.

[mlitwiniuk]

No, we don't do audits — and that's intentional. I think there's a conflict of interest when the same company advises you on compliance and then certifies you. Incentives get weird.

The good news: there are plenty of EU-based ISO 27001 audit firms. We can recommend one or two if you need a pointer — we just don't have a formal catalogue or marketplace for that yet (though it's on my list).

So you'd use Humadroid for the preparation - policies, controls, evidence, risks, continuity plans, ISMS workbook - and then bring in an independent auditor for certification.

[evaneykelen]

They also do not carry out the audit themselves (for the same reason) but the do all the legwork for you. Huge benefit imo.

[mlitwiniuk]

Makes sense. We're working toward making the auditor connection easier on our end too. Not there yet, but it's on the roadmap.

[evaneykelen]

great, i’ll keep an eye on you guys