Frameworks
Your frameworks. Ready to operate.
15+ frameworks natively covered on Qontrol. Native coverage of European frameworks (GDPR, NIS2, DORA, CRA). And any new framework delivered within 15 days on request.
Covered frameworks

ISO 27001
International reference standard for information security management (ISMS). 93 controls to win enterprise contracts and prove cyber governance maturity.

ISO 27002
Implementation guide detailing the ISO 27001 controls. Read alongside 27001 to calibrate control depth.

NIS2
EU Directive 2022/2555 extending cybersecurity obligations to essential and important entities across 18 sectors. 24h incident notification and executive accountability; transposed in France in 2025.

DORA
EU Digital Operational Resilience Act for the financial sector. In force since January 2025; covers IT risk management, resilience testing, and oversight of third-party ICT providers.

CRA
EU Cyber Resilience Act — security obligations for digital products sold in the EU market, applicable from 2027.

GDPR / CNIL
EU General Data Protection Regulation, translated by CNIL into an operational practical guide. Mandatory for any organization handling EU residents' personal data.

SOC 2
AICPA (US) attestation for service organizations handling customer data. Now essential for SaaS vendors selling to US enterprises, built around 5 Trust Services Criteria.

TISAX
Information security standard for the automotive industry

AirCyber
Cybersecurity framework for the aeronautics industry

CyFun
Belgian cybersecurity framework

IT Hygiene Guide (ANSSI)
42 hygiene rules published by ANSSI covering information system security fundamentals. Recognized technical baseline for French public bodies and sensitive-industry companies.

Cybersecurity for SMBs (ANSSI)
Practical guide for small businesses (France)

Bpifrance
Cybersecurity diagnostic for SMBs (France)

CIS v8.1.2
Center for Internet Security security controls

NIST CSF
US framework for cybersecurity risk management

SecNumCloud
ANSSI qualification for cloud services (France)

Assess your compliance against these frameworks
Start with a Usage Diagnostic: 3 min/day over 10 days per team member, and you get a prioritized action plan mapped to ISO 27001, NIS2, DORA and your other frameworks.
A specific framework? Delivered in 15 days.
Sector regulation, national framework, a principal's internal grid… Qontrol commits commercially to integrating any new framework requested by a client within 15 days. Your compliance advances at the pace of your business.
A European platform for European frameworks
Qontrol is a European solution hosted in France at OVH, natively aligned with European regulatory frameworks (GDPR, NIS2, DORA, CRA). Your data and your clients' data stay within the European legal space.
FAQ
Frequently asked questions
Which framework to start with?
The framework that matches your ecosystem: ISO 27001 if you operate internationally, NIS2 if you are an essential or important entity in Europe, DORA if you are regulated in the financial sector, GDPR for personal data protection. Qontrol lets you handle several in parallel.
How does Qontrol structure a framework?
Each framework is pre-broken down into actionable audit points, explained in plain language, mapped to security controls and documentation resources. You get a clear picture of your posture in hours, not weeks.
Does Qontrol cover NIS2?
Yes, NIS2 is natively integrated into the platform. You assess your maturity, identify gaps, manage your remediation plan and produce the reports expected by your competent authority.
Does Qontrol cover DORA?
Yes, DORA is integrated. Particularly relevant for EU financial entities (ICT, insurance, asset management) subject to the digital operational resilience requirement.
A framework specific to my sector is missing. What do I do?
Contact the Qontrol team. We commit to integrating any framework requested by a client within 15 days.
Does Qontrol cover US frameworks?
NIST CSF is integrated. SOC 2 is integrated. We add other international frameworks on request (15-day commitment).
Can several frameworks be combined for the same client?
Yes. A single client workspace can be assessed on multiple frameworks simultaneously. Useful when an organization combines several requirements (e.g. ISO 27001 + NIS2 + GDPR).