StartComply
Posidonia 2026 · Maritime Edition
Governance · Risk · Compliance

Your complete guide to the GRC world.

One platform for all your organisation's Governance, Risk and Compliance needs, across multiple frameworks.

The challenge
Four frameworks bearing down, and compliance still runs on spreadsheets, email and disconnected tools.
Visibility · Remediation · Supplier risk · Audit readiness
StartComply 03 Foundations
What is GRC

Governance, Risk
& Compliance

StartComply is a versatile reporting tool for compliance with NIS2, ISO/IEC 27001 and DORA, bringing one discipline to obligations that are otherwise scattered across teams and tools.

G Governance

Policies, ownership and accountability, defined and enforced across the organisation.

R Risk

Identify, assess and reduce exposure as a continuous practice, not an annual review.

C Compliance

Map every obligation to evidence, audit-ready against each framework.

03 / 26
The landscape

Four frameworks,
one platform

NIS2 · EU Directive

Comprehensive, strict cyber-risk measures with supervision, enforcement and self-assessment. Accountability for non-compliance sits at board level.

Directive (EU) 2022/2555 · Greece: Law 5160/2024

DORA · EU Regulation

Operational resilience for financial entities and their ICT providers, harmonised across twenty categories of organisation.

Regulation (EU) 2022/2554

ISO/IEC 27001 · Standard

The international standard for an information-security management system: establish, maintain and continually improve, to best practice.

ISO/IEC 27001:2022

IMO · Maritime

Cyber risk must be managed within the ship’s Safety Management System under the ISM Code, for vessels and the fleets behind them.

Resolution MSC.428(98)
The platform

Compliance, made
continuous and automated.

StartComply is a compliance automation and cyber-risk platform, built to take an organisation from scattered effort to a single, continuous process.

  • Policies, controls, risk and evidence in one platform
  • Automated workflows and audit preparation
  • Real-time visibility for executives and auditors
  • Continuous compliance, not periodic assessments
Capabilities

Complete feature set

  • 01 · Management & monitoring · Continuous compliance oversight
  • 02 · Multi-framework scalability · NIS2, ISO 27001, DORA, IMO
  • 03 · Automated policy generation · Framework-aligned, versioned
  • 04 · Compliance assessment · Scored against each standard
  • 05 · Guidance & recommendations · Prioritised remediation paths
  • 06 · Gap analysis · Across multiple frameworks
  • 07 · Technical reporting · Audit-ready detail
  • 08 · Multi-tenant operation · Many organisations, one console
  • 09 · Management controls · Owners, evidence, status
  • 10 · Vulnerability detection · Organisation and assets
  • 11 · Third-party risk (TPRM) · Supplier questionnaires + scoring
  • 12 · Vendor domain scanning · External, non-intrusive VA
Access & Tenancy

Secure access,
many organisations.

Access control

Secure login,
by default

Access across the platform is protected by two-factor authentication, so every session is verified before it begins.

  • Email and password, then a one-time passcode
  • Passcode delivered to your inbox
  • Access scoped by role and organisation
Secure login screen
Multi-tenant

One console,
every organisation

Create multiple organisations under a parent group, and let one user manage them all from a single login.

  • One user, many organisations
  • Quick switching without logout
  • Fewer errors, more accuracy
  • Ideal for MSSPs and consultants
  • Clear compliance per entity
Organisation information console
Compliance & Assessment

Know where you
stand.

Central console

A dashboard for
every organisation

The dedicated dashboard gives an immediate overview of each organisation's compliance status, easing monitoring, prioritisation and documentation against NIS2, ISO 27001 and DORA.

StartComply dashboard, available compliance frameworks
Detailed view

Every framework,
its own overview

A description, the key pillars, source documents and live statistics, in a single view for each framework.

  • Instant overview of the compliance level
  • Easy prioritisation of actions
  • Support for strategic management and reporting
  • Risk reduction, no external reporting tool
  • Simplified control across the monitoring process
  • Internal and external audit support
Framework detailed view
Compliance assessment

From gaps to
continuous progress

A compliance score for every framework turns assessment into a clear, continuously monitored picture, not an annual sample.

  1. Effective gap management · See and close what is missing
  2. Compliance & risk reduction · Controls and evidence in place
  3. Continuous progress monitoring · Status tracked, not sampled
Self-assessment

Assess compliance,
question by question

A guided questionnaire covers each framework's requirements for a clear, systematic view of where the organisation stands.

  • Simplifies and accelerates the compliance assessment
  • Reduces audit time and cost
  • Ensures full coverage of regulatory requirements
NIS2 self-assessment questionnaire
Reporting

The detailed
compliance report

Statistics, completion rate and gap analysis, broken down to the individual control, with remediation recommendations.

Detailed compliance report
Control-level detail

Down to the
individual control

Beneath each framework score, every pillar is tracked and gap-analysed, with the assessments and policies that feed the number.

0% assessed
  • Answered 96
  • Remaining 4
0% policies
  • Complete 78
  • Pending 22
NIS2 · framework pillars
Network architecture 100%
Access control 100%
Endpoint security 92%
Incident response 88%
Email security 76%
Remote access 70%
Firewall & filtering 64%
Application security 58%
Vendor management 45%
Business continuity 33%
Policies & Integrity

Policies you can
prove.

Policy register

Every required
policy, tracked

One register lists every policy the frameworks require, with its status and owner, so nothing falls through the cracks.

  • Coverage mapped to NIS2, ISO 27001 and DORA
  • Status and ownership at a glance
  • Gaps surfaced before an audit finds them
Organisation policies register
Authoring

Framework-aligned
templates, customised

Generate a policy from a framework-aligned template, then adapt the title, description and content to the organisation, all in one editor.

  • Template selection · NIS2, ISO 27001, DORA
  • Controlled customisation · title, description, content
  • Full alignment with each framework
Policy template editor
Version control

Every version
kept, audit-ready

Each revision is retained with full history, one click to preview or download, so you can prove exactly what was in force and when.

  • Versioning history with full traceability
  • One-click preview and download
  • Audit-ready record of every change
Policy version management
Content integrity

Traceability,
watermarked in

Steganography embeds a discreet, invisible watermark in every document, proving origin without affecting readability or integrity.

Steganography check
Third-Party Risk

See the whole
supply chain.

Third-party risk (TPRM)

Risk across the
supply chain

Identify and score the risk of external partners and service providers through automated questionnaire dispatch, tracked in a single vendor risk register.

  • Visibility and control across the supply chain
  • Secure collaboration with third-party vendors
  • Supply-chain risk against NIS2, DORA and ISO 27001:2022
Third-party vendor risk register
External VA · vendors

Scan vendors
from the outside

An external domain assessment scores objective risk and documents findings against NIS2, ISO 27001:2022 and DORA. Powered by KYND.

  • Objective, audit-ready risk scoring
  • Findings documented with remediation steps
  • Mapped to NIS2, ISO 27001:2022 and DORA
Vendor security scan details
External VA · organisation

Scan the organisation,
continuously

Automated external scanning assesses the organisation's own exposure and generates a detailed report with remediation recommendations.

  • Audit-ready scoring, for an auditor or risk register
  • Non-intrusive domain VA, no interference to systems
  • A synthetic, comparable score per vendor
  • Early supply-chain warnings, before incidents
app.startcomply.com/vulnerability-scan
External vulnerability scan · Active
Risk score
  • 6 High
  • 24 Medium
  • 36 Low
Reports
  • Vulnerability report #2 · 14 Jun 2026 · Completed
  • External surface scan · 11 Jun 2026 · In review
  • Domain exposure report · 07 Jun 2026 · Action needed
StartComply presented by Optima Cyber
Get started

Book your 15-minute demo.

From a manual, audit-driven exercise to a continuous, automated process.

Web
optima-cyber.com
Email
info@optima-cyber.com
Phone
+30 210 6897383