Compliance Framework for Software & Infrastructure

Our Software Security Compliance Framework helps you make your infrastructure and software compliant with ISO 27001, ISO 9001, GDPR, DORA, and NIS-2. From gap analysis to successful audit.


Compliance as Competitive Advantage

Regulatory requirements like DORA, NIS-2, and GDPR are not obstacles but opportunities. Our framework makes compliance plannable, verifiable, and automatable.

Gap Analysis

Where do you stand today?

Systematic analysis of your existing processes and infrastructure against ISO 27001, GDPR, DORA, and NIS-2 requirements. Identification of gaps and prioritization of measures.

Control Mapping

Document technical measures

Clear assignment of technical measures to regulatory controls. Traceable for auditors and management. Based on the Polycrate Security Framework.

Evidence Artifacts

Generate evidence automatically

Automated generation of audit evidence from your infrastructure: logs, configurations, policies, and reports, exportable at any time.

Supported Standards

Our framework covers the most important regulatory requirements for European companies.

ISO 27001:2022

  • Annex A Controls fully mapped
  • 32 detailed documentations
  • Control-to-App assignment
  • Shared Responsibility Model
  • Evidence export for audits

GDPR

  • Art. 17 - Right to Erasure
  • Art. 25 - Privacy by Design
  • Art. 28 - Data Processing
  • Art. 32 - Security of Processing
  • Technical & organizational measures

DORA

  • Digital Operational Resilience
  • ICT Risk Management
  • Incident Reporting
  • Resilience Testing
  • Third-Party Risk Management

NIS-2 / Critical Infrastructure

  • Critical Infrastructures
  • BSI IT-Grundschutz Mapping
  • Reporting Obligations
  • Supply Chain Security
  • Business Continuity

Other Standards

  • Industry-specific Standards
  • Custom Requirements
  • Special Regulatory Needs
  • Framework Extensions
  • Tailored Mappings

The Framework in Detail

Our Compliance Framework is more than just documentation - it’s a living system that grows with your infrastructure.

Role-based Views

Everyone gets what they need

Dedicated documentation for CISOs, Data Protection Officers, Auditors, DevOps teams, and Legal/Procurement. No information overload.

Topic-based Navigation

Quick access to topics

Identity & Access Management, Logging & Audit, Backup & BCDR, Vulnerability Management, Network Security, Cryptography, and more.

App Compliance

Every component documented

For each Managed App, we document control mappings, shared responsibility, and evidence artifacts.

Bidirectional Navigation

From control to app and back

Navigate from ISO controls to implementing apps or vice versa. Complete traceability.

Mermaid Diagrams

Processes visualized

Complex processes and architectures as interactive diagrams. Understandable for technical and non-technical stakeholders.

Evidence Export

Audit-ready at the push of a button

Concrete CLI commands for exporting evidence artifacts. Logs, configurations, and policies are all documented.

Compliance Workshop

The Compliance Framework is part of our Software Compliance Workshop. In one intensive day, we bring your team up to speed.

Software Compliance Workshop

€9,999.95 excl. VAT

  • ISMS integration for Polycrate
  • Ready-to-use compliance documents
  • DORA conformity
  • NIS-2 requirements
  • EU regulations overview
  • Duration: 1 day
  • Audience: CIO / CISO / ISB

Framework Benefits

Why companies choose our Compliance Framework.

Audit-Ready

Always prepared

All evidence structured and exportable. No hectic preparation before audits. Continuous compliance instead of point-in-time checks.

Made in Germany

EU-compliant by design

Developed in Germany for European requirements. No compromises on data protection and data sovereignty.

Living Documentation

Always up-to-date

The framework grows with your infrastructure. New apps, new controls, and new regulations are incorporated continuously.

Polycrate Integration

Infrastructure as Code

Seamless integration with Polycrate for automated compliance. Policy as Code, GitOps, and declarative configuration.

Open Source Based

No Vendor Lock-in

Based on proven open-source tools like Kubernetes, Grafana, and ArgoCD. Full transparency and control.

Shared Responsibility

Clear Responsibilities

Documented separation between platform responsibility and customer responsibility. No gray areas during audits.

Comparison with Alternatives

How our framework compares to other solutions.

vs. Big 4 Consulting

Criterion          ayedo                       Big 4 Consulting
Cost               Fixed-price workshop        Daily rates from €2,000
Technical Depth    Hands-on with your infra    Generic frameworks
Implementation     Ready immediately           Months of project
Maintenance        Continuous updates          One-time delivery

vs. DIY / In-house

Criterion          ayedo                       DIY / In-house
Time-to-Value      1 day workshop              Months of setup
Expertise          15+ years experience        Learning by doing
Currency           Continuously updated        Quickly outdated
Cost               One-time investment         Internal resources

vs. GRC Platforms

Criterion          ayedo                       GRC Platforms
Integration        Kubernetes-native           Usually superficial
Evidence           Automatic from infra        Manual input
Vendor Lock-in     Open source based           Proprietary
Ongoing Costs      No license fees             SaaS fees

Frequently Asked Questions

Answers to the most important questions about the Compliance Framework.

Which companies is the framework suitable for?

The framework is aimed at companies that operate or are building cloud-native infrastructure and need to meet regulatory requirements such as ISO 27001, GDPR, DORA, or NIS-2. It is particularly suitable for financial services, healthcare, critical infrastructure, and B2B SaaS providers.

Do I need to be an ayedo customer to use the framework?

The framework is optimized for the ayedo Platform and Polycrate, but it can also serve as a reference for other Kubernetes environments. Its full benefit is realized in combination with our managed services.

What is included in the workshop?

The Software Compliance Workshop (€9,999.95) includes a full-day workshop with your team, access to the complete Compliance Framework, ISMS integration, a gap analysis of your current situation, and concrete action planning.

How is the framework updated?

The framework is continuously maintained. When new regulations, updated standards, or new apps are released, we expand the documentation. As a workshop participant, you receive access to all updates.

How long does implementation take?

The workshop itself takes one day. Full integration into your processes depends on your current state: typically 2-4 weeks for technical implementation and 2-3 months for organizational anchoring.