New · EU AI Act available

Risk management without friction.

Unify risks, controls, audits and evidence in one place. Automate repetitive tasks, decide with real-time data and prove compliance without spreadsheets.

No credit card
2-week implementation
ISO 27001 · GDPR
[Dashboard preview: risk matrix (residual risk, Q4 2026), audit status, control efficacy]

More than 200 compliance teams already trust ermine

MERIDIAN
CONTEK
SOLARIS
NEXCORE
ALTAVIA
BANKIA
VANTIA
ARFESA
Regulatory compliance

Every regulation you need,
in one place.

Pre-configured templates for the main regulatory frameworks. Connect, map controls and evidence without starting from scratch.

Most groundbreaking

EU AI Act

Artificial Intelligence Regulation

The world's first AI regulatory framework. Classifies systems by risk level, requires algorithmic transparency, and mandates governance across the model lifecycle. Full enforcement from August 2026.

AI systems · High risk · Transparency · Governance · Effective 2026
See EU AI Act guide

ISO 27001

Implement and certify your Information Security Management System. 93 pre-configured Annex A controls.

See guide
Mandatory

DORA

Digital operational resilience for financial sector. In effect since January 2025.

See guide
Mandatory

NIS2

Cybersecurity for essential and important entities in critical EU sectors.

See guide
Mandatory

GDPR

Personal data protection. Applies to any organization processing data in the EU.

See guide
Voluntary

SOC 2

Controls audit for SaaS and tech providers. Required by enterprise clients.

See guide
New

CSRD

Corporate sustainability reporting (ESG). Phased application 2024-2028.

See guide
Sectoral

ENS

National Security Scheme. Mandatory for Spanish public administration and its ICT providers.

See guide

ISO 31000

International framework for risk management. Methodological foundation for any ERM programme.

See guide

ISO 9001

Quality management. Integrate quality controls with risks and audits in a single system.

See guide
Process

How does ermine work?

Three steps to go from regulatory complexity to total control.

01

Analysis of your situation

We connect with your risk and compliance teams in a 60-minute session. We identify applicable frameworks, the current state of your controls and priority gaps.

→ Output: diagnosis and personalized roadmap.

02

2-week setup

We activate your tenant, import your current controls and procedures, and map them against the frameworks you need. Your team can operate from day one.

→ Includes training, integrations and migrated data.

03

Continuous operations

ermine automatically collects evidence, alerts on deviations and generates the reports you need for audits and committees. Your team decides, it doesn't chase PDFs.

→ ERM on autopilot, you in control.

Automation

Stop chasing
evidence.

ermine integrates with your Drive, Jira, Slack and internal systems to collect evidence automatically. Your team spends time deciding, not hunting down PDFs.

Automatic collection

Connect once, evidence always up to date.

Full traceability

Every control linked to its evidence and owner.

Smart alerts

Know what needs attention before the auditor does.

[Diagram: evidence sources (Excel / CSV, Google Drive, Email, ERP, CRM) feeding into ermine]

SECTORS

Compliance for every industry.

Each sector has transversal regulations and sector-specific ones. ermine adapts to your industry's regulatory reality.

Banking and Finance

ermine centralizes regulatory compliance for financial institutions under DORA, NIS2, GDPR and Basel, with specific workflows for incident notification and ICT risk.

4 applicable regulations

Insurance

Integrated management of Solvency II, DORA, GDPR and ISO 27001 for insurers. ermine automates regulatory reporting and operational risk management.

4 applicable regulations

Healthcare

Compliance with ENS, GDPR for health data, ISO 27001 and ISO 9001 for healthcare organizations. ermine manages control traceability and patient safety documentation.

4 applicable regulations

Technology

For SaaS companies, ISVs and cloud service providers. ermine manages SOC 2, ISO 27001, GDPR and EU AI Act, and automates evidence collection from your infrastructure.

4 applicable regulations

Energy

Compliance with NIS2, ISO 27001 and ISO 31000 for critical infrastructure operators in the energy sector. Operational risk management and OT/IT cybersecurity.

4 applicable regulations

Public Administration

ENS, GDPR and NIS2 compliance for public bodies and their technology providers. ermine manages system categorization, the adequacy plan and CCN-CERT audits.

4 applicable regulations

Retail and Consumer

GDPR, PCI DSS and CSRD compliance for retail and consumer companies. ermine manages customer data protection, payment security and ESG reporting.

4 applicable regulations

Manufacturing

ISO 9001, ISO 31000, CSRD and OT/IT cybersecurity management for industrial companies. ermine digitizes the quality management system and supply chain risk.

4 applicable regulations

Don't see your sector? We'll help you configure ermine for your regulatory reality.

Talk to an expert →
We went from auditing with 14 spreadsheets to having a single source of truth. Our last ISO 27001 preparation took three weeks instead of four months.

María Ruiz

Head of Compliance · Acme Corp

FREQUENTLY ASKED QUESTIONS

Everything you need to know before the demo.

Standard implementation is two weeks. This includes tenant configuration, importing your current controls and procedures, mapping against the frameworks you need (ISO 27001, ISO 31000, DORA, etc.) and team training. For organizations with very complex compliance frameworks it can extend to four weeks.

No. ermine is designed for compliance, audit, risk and quality profiles, not engineers. The interface works with the logic you already use: procedures, controls, assessments and evidence. The typical learning curve is one or two days.

ISO 27001, ISO 31000, ISO 9001, SOC 2, DORA, NIS2, GDPR, COSO ERM, PCI DSS, HIPAA, CSRD, EU AI Act and more. They come as ready-to-use templates and you can map controls against multiple frameworks simultaneously.

ermine is hosted on European infrastructure with encryption at rest (AES-256) and in transit (TLS 1.3). We comply with GDPR and are ISO 27001 certified. Each client operates in an isolated tenant, with granular role control and a complete audit trail of all actions.

Yes. ermine is modular. You can start with one or two modules and activate the rest when you need them. All information is automatically shared between modules.

Yes. We connect with Google Drive, Microsoft 365, Slack, Jira, GitHub, Azure DevOps and other systems via API. Evidence is automatically collected from these sources, reducing manual work.

We work with an annual model based on number of users and active modules. We don't publish standard rates because we adapt each proposal to the size and needs of the organization. In a 30-minute demo we give you a fixed estimate.

You can export all your data (risks, controls, evidence, historical reports) in a structured format (CSV/JSON) at any time. No lock-in, no early termination penalties.

Start today

Replace your GRC stack.
Start in 2 weeks.

Guided implementation included. No installations, no hidden costs. Your team running from day one.

  • No credit card required
  • 2-week implementation
  • ISO 27001 · GDPR

Request a free demo

Our team will contact you within 24 hours.
