CISO Assistant
GRC can be tough:
let CISO Assistant do the heavy lifting for you
Cyber security program management can be challenging regardless of the size of your company. CISO Assistant's one-stop-shop approach provides a pragmatic way to handle the complexity of GRC (Governance, Risk and Compliance) and makes the tools work for you instead of the other way around.

Use cases
Discover how CISO Assistant can help for various use cases, providing a pragmatic approach to drive your cyber security program.
Multi-Framework Compliance
150+ frameworks, one platform
Description
Organizations face an ever-growing landscape of regulations and standards — NIS2, DORA, ISO 27001, SOC 2, GDPR and more. Managing them in silos means duplicated effort, inconsistent controls, and audit fatigue. The challenge is not just compliance, but doing it efficiently across all frameworks at once.
Benefits
CISO Assistant ships with over 150 built-in frameworks and lets you create custom ones. Its automatic mapping engine links your security controls to requirements across all frameworks at once — assess once, comply everywhere. Preconfigured compliance journeys, customizable reports, and DORA Register of Information (RoI) reporting make it easy to demonstrate progress to auditors, regulators, and the board.
Risk-Driven Security Program
From assessment to treatment
Description
Risk assessment is the foundation of any security program, yet most teams still rely on scattered spreadsheets and manual processes. Keeping risk registers current, aligning them with evolving threats, and tracking treatment plans across the organization becomes unsustainable as complexity grows.
Benefits
CISO Assistant supports ISO 27005 and EBIOS RM methodologies natively, with built-in cyber risk quantification (CRQ) and business impact analysis (BIA). Manage multiple risk assessments per project, track treatment plans with assigned owners and deadlines, and leverage threat and control libraries to build on previous work. Everything stays connected — from risk scenarios to remediation actions — giving you a live, actionable view of your security posture.
Audit & Evidence Management
Continuous proof, zero scramble
Description
When audit season arrives, teams scramble to collect evidence, chase stakeholders, and compile findings under tight deadlines. Between internal audits, penetration tests, and external certifications, the volume of findings to track and evidence to maintain grows quickly.
Benefits
CISO Assistant lets you run audit campaigns, collect and manage evidence continuously, and track findings from pentests, audits, and assessments in one place. Build homologation files, maintain a complete audit log, and set up automatic reminders so evidence stays fresh. Process owners document their controls once and refresh evidence on schedule — no more last-minute fire drills.
Third-Party Risk Management
Assess, monitor, report
Description
Your security posture extends well beyond your own perimeter. Suppliers, partners, and service providers introduce risks that are hard to track with ad-hoc questionnaires and email threads. Regulatory pressure — NIS2, DORA — now demands structured third-party risk management.
Benefits
CISO Assistant provides a dedicated third-party management module to assess, track, and report on supplier and partner risk. Leverage built-in or custom frameworks to run structured evaluations, assign owners, and monitor remediation over time. Combined with customizable dashboards and automated notifications, you maintain continuous visibility over your extended attack surface.
GRC at Scale
Govern, collaborate, report
Description
As organizations grow, GRC activities fragment across departments, tools, and methodologies. Without a unified platform, CISOs lose visibility, teams duplicate work, and reporting becomes a manual exercise that consumes more time than the security work itself.
Benefits
CISO Assistant is built for multi-team, multi-project governance. Flexible RBAC and SSO (SAML & OIDC) ensure the right people access the right scope. Collaboration features with task assignment, automatic notifications, and periodic task management keep everyone aligned. Integrated analytics, customizable KPIs, and dashboards give CISOs a real-time aggregated view — from individual project status to organization-wide security posture.
AI-Augmented GRC
Your models, your data
Description
AI is transforming how security teams work, but GRC data is sensitive by nature — risk assessments, audit findings, compliance gaps. Sending this data to public AI services is a non-starter for most organizations. The question is not whether to use AI, but how to do it without compromising confidentiality.
Benefits
CISO Assistant integrates AI natively through MCP (Model Context Protocol) and an embedded AI chat that works with your own models. Get intelligent suggestions for risk scoring, control mapping, and gap analysis — all processed within your environment. Whether deployed on-premises or in your private cloud, your GRC data never leaves your perimeter and is never used to train external models.
Open Source & Sovereign
Full control, zero lock-in
Description
Vendor lock-in, opaque SaaS platforms, and data residency concerns are real barriers for security-conscious organizations. Many GRC tools force you into rigid pricing, proprietary formats, and cloud-only deployments that conflict with sovereignty requirements.
Benefits
CISO Assistant is open source at its core, with a free community edition and a Pro edition available in SaaS or on-premises. Available in 23+ languages, it adapts to global teams. Full API, CLI, and n8n integration enable automation and fit into your existing toolchain. Import and export your data freely — you own it, always. Whether you're a consultant managing multiple clients or an enterprise with strict data sovereignty needs, CISO Assistant gives you full control over your GRC platform.
Simple and flexible pricing
Check out the pricing page for more details
FAQ
How does the pricing work?
Seats are needed only for contributors (editors). Readers are free up to 100 readers; beyond that, you need to switch to an enterprise plan, which includes a readers' license package.
Can I move my data between environments?
Yes. With the built-in data export and import capabilities, you can move your data between instances, whether cloud or on-premises.
What is the support model?
The standard support plan covers business hours over a business week. For critical systems requiring advanced support, please reach out to the team for an enterprise plan.
I need custom features.
The enterprise plan includes customization options based on quotation. Any customization will be covered by the enterprise support plan.
I need help setting up GRC practices.
In addition to CISO Assistant tooling, you can reach out to the team to get a quotation for a GRC acceleration package that includes coaching sessions and interviews to set up GRC practices for your organization.
I have highly sensitive data.
Our cloud instance is deployed following best practices and standards for cloud security. The on-premises setup is also an option for use cases involving critical information. More details are available on our security page.
What does Private Gen AI mean?
Private generative AI means that the models you interact with are dedicated to your instance and run in a private environment, either in your own infrastructure or in our cloud instance. Your prompts and GRC data are never sent to public AI services and are never used to train external models.
How long can I keep the trial instance?
30 days.
Is the community edition free forever?
Yes.
I'm an integrator looking to rebrand the solution for my customers.
We have a white label program that we can discuss.
I'm a solo consultant and don't want to pay for each one of my customers.
You only pay contributor seats since readers are free.
I would like to contribute.
This is possible, check the contributions guide on our GitHub.
What is the OSS license?
AGPLv3.
I already have a lot of risk assessments, can I import them at once?
Yes. As long as they are structured and share the same CSV or Excel format, the import wizard of the Pro version will pick them up. In the meantime, you can use the API to do that.
What are the prerequisites to install CISO Assistant?
CISO Assistant consists of a few Docker images. You can install it on your laptop, desktop, or server. If it can run Excel, it can run CISO Assistant :). Once you have installed Docker and Docker Compose, follow the instructions on GitHub. The other flavours of installation are documented in the Docs section.
What are the supported languages?
CISO Assistant is available in 23+ languages, thanks to a very active community worldwide. Check out the GitHub page to learn more about the existing and upcoming ones.
What are the premium features that are specific to PRO plan?
Check out the /pro page to learn more.
What are the supported frameworks?
CISO Assistant ships with more than 150 cyber security frameworks, and the list keeps growing. If you notice that one is missing, reach out to the team through Discord or the contact form. If it's an open and free standard or regulation, we will add it for free.
What does contributor/seats count mean on the PRO plan?
A contributor is a user with write permission who inputs or changes data, including reviews, comments, or approvals. This is what we use to define Pro seats, which lets us keep readers free. Both SaaS and on-premises plans offer unlimited-seat options if you don't want to count contributor seats.
Can I add a custom/internal framework?
Yes. Just follow the instructions on the documentation to use our open format. We also provide express consultancy options to assist with complex and large framework integration.
Reach out to us
Have questions or need assistance shaping your needs and projects? Feel free to contact the team using the form below. We're here to help!
Email
contact@intuitem.com
Call
+33 6 63 06 83 31
Chat
intuitem - community