ISO 27001
Information security
The global baseline buyers ask for. Run a full ISMS with risks, controls and Statement of Applicability mapped end-to-end.
Compliance for UK & EU regulated markets
The compliance platform built to win UK and EU regulated-market deals
When a customer demands ISO 27001 or a tender requires DTAC, Naq turns the standard that is blocking the deal into the proof that closes it.
- Every framework, one system
- Reuse evidence across frameworks
- Continuous compliance monitoring
WIP · To be replaced
Live in the platformMulti-framework GRC
.webp)
Our Customers Win More
“The Naq platform makes the whole process remarkably seamless to complete, offering intuitive means to easily share our compliance status.”
TA
Dr Taz Aldawoud
Founder & CEO, Doc Abode
0UK & EU frameworks, one workspace
0%Control reuse across mapped frameworks
0minFrom booking to a working demo
0Connected system instead of a stack of docs
Get started with Naq
Compliance is where regulated-market deals are won or lost
- A customer asks for ISO 27001 before they will sign.
- A tender requires DTAC.
- The security questionnaire holding up your biggest contract wants evidence you cannot produce yet.
Every one of these moments puts revenue on hold until you can show proof. Naq gets you to the proof faster, then keeps it current so the next deal moves quicker than the last.
One connected system
Complete a control once. It counts everywhere it maps.
Controls, risks, incidents, evidence and frameworks link to each other, so your compliance runs as one live system rather than a stack of documents that drift out of date. The work you do for one standard carries straight into the next, and a buyer's security review becomes an export rather than a project.
Multi-framework GRC
Prove every standard with one set of evidence.
Run every standard from one workspace. Shared controls map across frameworks, so the evidence you gather for ISO 27001 quietly powers DSPT, DTAC and Cyber Essentials in the background.
Risk, safety and CAPA
Close every risk before it becomes an incident.
Log risks and clinical hazards in a unified register with 5×5 scoring, then let CAPA workflows carry each one from root cause to corrective action without anything slipping through the cracks.
Document lifecycle
Keep every policy audit-ready, automatically.
Move policies from draft to approved in a controlled workflow with semantic versioning and enforced reviews. Edit an existing PDF in place, so you never lose the audit trail to a desktop folder.
Compliance training
Show competence without chasing certificates.
Assign structured courses and assessments per employee, with automatic renewals and reminders. Every completion ties back to a control as evidence of competence, ready when the auditor asks.
Asset registry
Spot gaps before a buyer or auditor does.
Keep people, devices and vendors in one place with per-user MFA and access tracking. Naq flags missing vendor DPAs proactively, so gaps surface before a buyer or auditor finds them.
AI assistant
Answer compliance questions in seconds, not days.
Get on-demand summaries and evidence checks across your whole programme. Read-only by design, so it accelerates your team without ever quietly editing the formal record.
Connected by design
Update one thing. Your whole programme updates with it.
Risks link to controls, incidents spawn CAPA, evidence maps to frameworks. A live compliance knowledge graph that updates itself as you work. No more silos, no more stale spreadsheets.
Map once, reuse everywhere
Add a framework. Reuse the evidence you already have.
Every new standard a customer or tender adds, whether ISO 9001, Cyber Essentials Plus or an NHS DTAC requirement, starts from what you have already proven. Naq checks your existing evidence against the new framework and shows how much is already covered, so you fill the gaps and move on rather than starting again.
Adding the next certification gets cheaper every time.
Naq closes the gaps · every framework reaches 100%
IllustrativeNaq engine
Maps controls. Fills gaps.
Evidence reused across every framework
ISO 2700162%
Closed remaining 38%
+38%NHS DSPT41%
Mapped + auto-evidenced
+59%Cyber Essentials74%
Shared with ISO 27001
+26%NHS DTAC28%
Pre-mapped, gaps filled
+72%Naq does the mapping and evidencing. You end up at 100%, not 60%
Frameworks
The standards your market runs on
Adopt any standard your customers and regulators require, then run them in parallel without duplicating controls or evidence. The UK and EU frameworks that gate NHS, public-sector and European deals are pre-mapped and ready, alongside the security, privacy and quality standards every B2B buyer checks for.
Cyber Essentials
UK baseline
The minimum security bar for UK government and most enterprise buyers. Self-assessment workflow with evidence attached at every control.
Cyber Essentials Plus
Audited baseline
The audited step up from Cyber Essentials. Audit-ready evidence, scoping notes and remediation tracking in one place.
NHS DSPT
NHS data security
Mandatory for anyone handling NHS data. Pre-mapped assertions and evidence requirements, refreshed for the current submission window.
NHS DTAC
Digital health compliance
The NHS digital technology assessment. Clinical safety, data protection, security and usability evidence collected in one place.
DCB 0129
Clinical risk management
Clinical safety case workflow with hazard logging, risk scoring and CSO sign-off built in, not a separate spreadsheet.
UK & EU GDPR
Data protection
ROPA, DPIAs, DSARs and vendor DPAs run as live processes, with your DPO inside the same workspace as the rest of compliance.
ISO 9001
Quality management
A QMS that shares process, document and audit infrastructure with your security programme. One system instead of two.
Custom frameworks
Your own standards
Build internal frameworks, customer-specific requirements or a tender's bespoke control set, and map them to controls you already have.
More frameworks added regularly, including sector-specific standards on request.
Why Naq
Close more deals with complete compliance
Get compliant, fast
Whether it's ISO 27001, Cyber Essentials, NHS DSPT or DTAC, Naq gets you audit-ready quickly. Pre-mapped controls, evidence collected as you work and in-house experts on hand for the judgement calls.
Meet multiple requirements, continuously
Run every standard your buyers ask for from one workspace. Shared controls map across frameworks, reviews stay enforced and an immutable audit trail keeps your evidence live, not stale.
Grow your business with new frameworks
When the next deal needs a new standard, add it and reuse what you already have. Naq shows how much is covered and fills the gaps, so every certification you add unlocks more revenue and costs less than the last.
People and intelligence
The judgement work has a named human
Expert support, in-house
Clinical Safety Officers and virtual DPOs work alongside the platform, so the work that needs a qualified human is part of the package rather than a separate engagement and a separate bill. Cyber Essentials certification stays under one roof, because Naq is also an IASME Certifying Body.
AI that earns its trust
The assistant helps you read your programme and never rewrites it. Ask for a summary of your controls, risks or incidents and get an answer in seconds. It evaluates evidence and surfaces status, and it stays out of the formal record entirely. (Read-only by design.)
How it works
From blocked deal to shareable proof
- 1
Map your frameworks
Tell Naq the standards your market requires. The pre-mapped control library and OCR uploader pull in what you already have, so you start from where you are, not from zero.
- 2
Close the gaps with experts on hand
Real-time progress shows exactly what is left per framework. The platform handles the repeatable work, and the in-house experts cover the judgement calls.
- 3
Share proof when a buyer asks
Export current evidence on demand to clear a security review, then reuse it across every framework it maps to as the next deal lands.
Proof you can show a buyer
Vormats reached ISO 27001 with Naq, then reused that evidence to clear customer security reviews without starting a fresh project each time.
Questions buyers ask before a demo
Frequently asked
Still have questions? Walk through your frameworks with our team.
Book a 15-min callWalk out knowing your next certification is half-built
In fifteen minutes, the team will walk you through the platform against the frameworks your market runs on, against your own evidence rather than a generic demo account. You will leave knowing how much of your next certification you can already cover.
Or look first. Explore the platform or read a framework guide, no form required.