Assess compliance
Review every requirement, track progress at a glance, and move work through a clear approval flow.
Governy - GRC Platform
Compliance management, built for security teams.
Governy gives every compliance audit its own structured workspace — from assessing requirements and collecting evidence through planning the work and producing a report. It comes ready for the major regulatory frameworks and can take on your own, so teams can manage compliance across multiple standards without juggling spreadsheets.
Everything lives in one place: requirements, evidence, tasks, approvals and audit reports — with the right people given the right access, and your data kept on your own infrastructure.
What you can do
Collect evidence
Attach files and policy documents to any requirement, with full version history for certification.
Work as a team
Shared workspaces with tasks, planning, approvals and roles scoped to each workspace.
Cover any framework
Built-in ISO 27001, GDPR, DORA, NIS2 and CyFun — and add your own framework when you need to.
Close the gaps
Ready-made remediation recommendations, ranked by impact and effort, to guide your next steps.
Stay secure
Role-based access, strong authentication and self-hosting keep your information protected. Learn more.
Supported frameworks
| Framework | Description | Coverage |
|---|---|---|
| ISO 27001:2022 | Information Security Management System | Management clauses & Statement of Applicability (93 Annex A controls) |
| GDPR | General Data Protection Regulation | Full assessment journey |
| DORA | Digital Operational Resilience Act | Full assessment journey |
| NIS2 | Network and Information Security Directive 2 | Full assessment journey |
| CyFun | Belgian Centre for Cybersecurity framework | Maturity scoring across five categories |
| Custom | Add your own compliance framework | Fully configurable journeys and navigation |
Built for teams
- Multilingual — full interface in English and French
- Simple onboarding — people join through a tracked email invitation
- Right access for the right people — roles scoped to each workspace
- Strong authentication — optional two-step verification and extra checks on sensitive actions
- Self-hosted — runs entirely on your infrastructure; your data never leaves your environment
Ready to dive in? Start with the Platform functionalities.