EU evidence automation · NIS2 · DORA · ISO 27001

Stop assembling audit evidence from screenshots.

Control Ledger reads your Microsoft tenant, maps the signal to the control, and ships an evidence pack your auditor will actually accept. No spreadsheets. No quarterly fire drills.

Start a tenant scan See what gets collected

Three frameworks, one operating layer

NIS2

Risk management, incident handling, supply chain. Dutch Cybersecurity Act lands ~1 Jul 2026.

DORA

Applies since 17 Jan 2025. ICT risk management and incident reporting for financial entities.

ISO 27001

Annex A controls mapped to the Microsoft signals that prove them. Survives surveillance audits.

What it reads

Read-only collectors. No agents on endpoints. Tenant-isolated by validated token.

Microsoft Graph
Entra ID
Intune
Defender for Cloud
Azure Policy
Azure Activity Log
SharePoint
Your ITSM

Pricing

Per tenant, per framework, per business unit. Billed monthly or via Azure Marketplace with MACC burndown.

Single tenant

€1,500/mo

One Microsoft tenant. One framework. Monthly evidence pack.

Multi-framework

€2,500/mo

Three frameworks. Two business units. Exception register.

MSP / multi-entity

from €4,000/mo

Multi-tenant administration. Per-customer packs. White-label option.