Cyber Horizon
The unified GRC + Security platform

Automate GRC.
Quantify risk.
Stay compliant.

One platform to automate compliance, quantify cyber risk in financial terms, and run security operations — across 72 frameworks, built for CISOs and the teams behind them.

Unlimited frameworks Deploy in weeks EU data residency
horizon // preview
82posture
+6 this quarter
Open risks
9
Controls
142
Frameworks
39
Threat feedsample
  • Critical CVE · remote code executionCritical
  • IOC match · C2 beacon activityHigh
  • Lookalike domain · brand impersonationMedium

Illustrative product preview.

ISO 27001ISO 22301ISO 27002ISO 27017SOC 2ISO 42001ISO 27005ISO 20000ISO 27032ISO 27035ISO 27701ISO 27018GDPRCCPA/CPRANIST PrivacyLGPDPIPEDAPOPIAPIPLAPPIAU Privacy ActCH FADPTH PDPAUK GDPRUK CAFOWASP ASVSOWASP SAMMNIST 800-63ISO 27031ISO 27034ISO 27036AU ISMDORANYDFS 500SWIFT CSPSOX ITGCGLBAFFIECPCI 3DSCMMCFedRAMPNIST 800-53SOC 1NIST 800-171NIST AI RMFEssential EightMAS TRMSG PDPAIndia DPDPAPRA CPS 234Korea ISMS-PCSA STARBSI C5ISMAPFISMAStateRAMPHITRUSTHIPAANHS DSPTHITECHCIS ControlsNIST CSFNIS2COBITISO 31000ISO 9001ITIL 4Cyber EssentialsCyber Essentials PlusEU AI ActTISAXPCI DSSISO 27001ISO 22301ISO 27002ISO 27017SOC 2ISO 42001ISO 27005ISO 20000ISO 27032ISO 27035ISO 27701ISO 27018GDPRCCPA/CPRANIST PrivacyLGPDPIPEDAPOPIAPIPLAPPIAU Privacy ActCH FADPTH PDPAUK GDPRUK CAFOWASP ASVSOWASP SAMMNIST 800-63ISO 27031ISO 27034ISO 27036AU ISMDORANYDFS 500SWIFT CSPSOX ITGCGLBAFFIECPCI 3DSCMMCFedRAMPNIST 800-53SOC 1NIST 800-171NIST AI RMFEssential EightMAS TRMSG PDPAIndia DPDPAPRA CPS 234Korea ISMS-PCSA STARBSI C5ISMAPFISMAStateRAMPHITRUSTHIPAANHS DSPTHITECHCIS ControlsNIST CSFNIS2COBITISO 31000ISO 9001ITIL 4Cyber EssentialsCyber Essentials PlusEU AI ActTISAXPCI DSS
72
Frameworks supported
20+
Tool integrations
99.9%
Uptime SLA
24/7
Continuous monitoring

// Inside the platform

See it work — not just hear about it.

Click through the surfaces your team lives in every day. One platform, one evidence trail, every workflow connected.

app.cyberhorizon.co/compliance/iso-27001
sample data
ISO/IEC 27001:2022
Information Security Management · 93 Annex A controls
66%
61/93 implemented
61
Implemented
14
In Progress
9
Partial
7
Not Implemented
2
N/A
  • A.5.1Implemented
    Policies for information security
    A.5 Organizational · 12 evidence items · reviewed 04/06/2026
  • A.5.2Implemented
    Information security roles and responsibilities
    A.5 Organizational · 5 evidence items · owner: CISO
  • A.5.3In Progress
    Segregation of duties
    A.5 Organizational · evidence request open · due 18/07/2026

Every control tracked to evidence.

Work the full ISO 27001 Annex A control set — and 71 more frameworks — with live implementation status, categories and one-click export.

// How it works

From connected to audit-ready.

A single workflow takes you from raw infrastructure to board-ready reporting — no spreadsheets in sight.

1

Connect

Link your cloud, identity, and ticketing stack in minutes — no agents, no rip-and-replace.

2

Automate

Evidence is collected continuously and mapped across all 72 frameworks at once.

3

Quantify

Cyber risk is translated into financial impact your board actually understands.

4

Report

Generate audit packs and live executive dashboards with a single click.

// One platform, nine modules

Everything your GRC team needs, unified.

From threat intel to audit-ready compliance — every module works from one shared evidence trail.

Threat Intelligence

Live threat feeds, IOC scanning, breach & leak-site monitoring, domain & attack-surface monitoring, and CVE lookups — enriched with AI attribution and MITRE ATT&CK mapping.

Incident Response

Case management with kanban boards, AI enrichment, playbook automation, containment actions, root-cause analysis and lessons-learned — integrated with your GRC evidence trail.

Compliance Centre

Multi-framework compliance across ISO 27001, SOC 2, NIST CSF, PCI DSS, GDPR, Cyber Essentials & more. Track controls, map evidence, and generate audit packs instantly.

Questionnaire AI

Auto-respond to security questionnaires using your existing controls and policies. Save hours on customer due diligence with AI-powered answer suggestions.

Vendor Risk Management

End-to-end vendor assessments, automated questionnaires, contract tracking, risk scoring, supply-chain breach intelligence, and domain impersonation alerts per vendor.

AI Risk Advisor

AI-powered gap analysis, control effectiveness scoring, and compliance reporting. CISO Copilot for instant GRC advice, and financial risk quantification.

Tabletop Exercises

Run realistic cyber incident simulations with AI-generated scenarios, track participant responses, measure team readiness, and generate post-exercise reports.

Compliance Automation

Automate evidence collection, continuous control monitoring, policy attestation, and audit workflows — dramatically reducing manual effort across every framework.

// Built differently

Faster, clearer, smarter than legacy tools.

AI-First Architecture

  • Automated evidence collection cuts audit-prep effort
  • Continuous control monitoring reduces compliance risk
  • Threat intelligence mapped to MITRE ATT&CK surfaces risk early

Enterprise Grade, Startup Speed

  • Deploy in weeks, not months
  • Cloud-native, zero legacy baggage
  • 99.9% SLA with zero-downtime deployment

Business Language, Not Jargon

  • Executive reports translate risk to financial impact
  • Board-ready metrics without extra work
  • Risk quantification ties security to outcomes

Compliance as Code

  • Multi-framework automation (ISO, SOC 2, NIST, PCI)
  • Version control for policies and controls
  • Audit-ready documentation, always current

Built to integrate with your stack

AWSAzureGoogle CloudOktaEntra IDCrowdStrikeSentinelOneDefenderSnykTenableQualysGitHubGitLabJiraSlackCloudflareIntuneJamfKnowBe4Google Workspace

20+ integrations across cloud, identity, endpoint, vulnerability, code and HR — each running automated checks against your live environment.

// Trust & security

Trust what you can verify.

We hold ourselves to the standards we help you achieve — and publish our posture so you can check it, not take our word for it.

GDPRActive

UK ICO registered, with a public DPA and subprocessor list.

ISO 27001In progress

Target Q3 2026 — run on the same Compliance Centre we sell.

SOC 2 Type IIIn progress

Target Q4 2026, with independent security testing throughout.

AES-256 + TLS 1.3Enforced

Data encrypted at rest and in transit; MFA required for all users.

EU data residencyDefault

EU by default with UK/US on request, and strict tenant isolation.

99.9% uptime SLAContractual

A published SLA with service credits — not a marketing number.

Free self-assessment

See exactly where your SOC 2 / ISO 27001 gaps are.

Answer 10 quick questions and get an instant, scored read-out across your key control areas — the strengths to lean on and the gaps worth fixing first. A directional starting point, not a formal audit. Free, ~2 minutes, no signup to see your score.

  • Instant readiness score across every key control area
  • A prioritised gap list your team can act on this week
  • Benchmark your posture before you ever talk to an auditor
~2 minutes No signup to see your score Directional, not a formal audit
readiness check // coverage
10
questions
~2
minutes
2
frameworks
SOC 25 Trust Services Criteria
SecurityAvailabilityProcessing IntegrityConfidentialityPrivacy
ISO 27001:20224 control themes · 93 controls
OrganizationalPeoplePhysicalTechnological

The check is built around SOC 2 and ISO 27001:2022. Free — no signup to see your score.

// Get started

Built for security practitioners.

Everything you need to run governance, risk, and compliance — included from day one, with hands-on onboarding to get your team live fast.

Straightforward Pricing

Core platform included from day one — clear tiers, no per-module upsells, no surprise add-ons.

Built With Practitioners

Shaped by working security teams, with a roadmap driven by real-world needs.

Dedicated Onboarding

We set up your first framework, import your controls, and train your team.

Ready to transform your
GRC programme?

Replace manual spreadsheets with automated compliance, quantified risk, and live security intelligence.