Speaking of missing categories — there's no "Compliance Tools" or "GRC" category yet. I'm building humadroid.io (SOC 2 / ISO 27001 compliance platform, based in Poland) and as far as I can tell, there aren't many European alternatives in this space. Most of the established players (Vanta, Drata, Secureframe) are US-based. Would be great to see this category added.
Interesting, do you also provide the actual audit for ISO 27001 as part of your service? That’s why I went with Oneleet, but an EU-based solution would be attractive.
No, we don't do audits — and that's intentional. I think there's a conflict of interest when the same company advises you on compliance and then certifies you. Incentives get weird.
The good news: there are plenty of EU-based ISO 27001 audit firms. We can recommend one or two if you need a pointer — we just don't have a formal catalogue or marketplace for that yet (though it's on my list).
So you'd use Humadroid for the preparation - policies, controls, evidence, risks, continuity plans, ISMS workbook - and then bring in an independent auditor for certification.