tormine://nodes/eu-1 · session secure · build 0.4.7-dev
COMPLIANCE · RISK · TESTING
TORMINE
$ ./tormine --statusstage: active development · early access open
>>>------------------------------------------------------------------------>
// CYBER COMPLIANCE OPERATIONS

TORMINEStorm-grade compliance.
Audit-ready output.

Tormine is an AI-assisted cyber compliance, risk and testing workspace being built for teams that need evidence, policies and security posture clarity — without the spreadsheet chaos.

ISO 27001NIS2SOC 2DORAGDPRAPRANYDFSPCI DSS
▶ REQUEST EARLY ACCESS⚙ SEE WHAT TORMINE WILL COVER
15
MODULES
28
FRAMEWORKS
DEV
STATUS
// LIVE FEED — /var/log/tormine.audit
tormine.audit · tail -futc 03:14:07
root@tormine:~$ init --workspace acme-corp
ok · workspace mounted
tormine:~$
GAP SCAN
OK
POLICIES
DRAFT
FINDINGS
7 CRIT
$ dmesg | grep torminekernel · userland · ok
[ OK ] POST · cryptographic self-test ............ OK
[ OK ] MOUNT /controls (28 frameworks / 713 clauses) OK
[ OK ] INIT ai-gap-engine v0.4 ................... OK
[ OK ] LOAD policy-generator (126 templates) ...... OK
[ OK ] ATTACH risk-register, supplier-register ... OK
[ OK ] OPEN connectors: aws · google-drive · m365OK
$ cat /var/log/compliance.errors5 recurring incidents
// THE PROBLEM

Compliance posture degrades silently.

0001spreadsheet rotControls tracked in 14 different .xlsx files. Nobody knows which is current.
0002evidence chaosScreenshots in Slack DMs. Policies in Google Docs. Logs in S3. Audit in 2 weeks.
0003framework overlapISO, NIS2 and SOC 2 ask the same things in different words. You answer them three times.
0004pentest in PDFFindings live in a static report. Remediation lives in nobody's backlog.
0005risk in someone's headThe CISO knows the top risks. The risk register doesn't.
$ tormine modules --list15 built modules · roadmap visible
// WHAT TORMINE DOES

A living compliance workspace — not a static spreadsheet.

MODULE · M01
FRAMEWORK ORDER HUB

Customer-facing order and intake flow for framework-specific compliance assessments.

MODULE · M02
AI GAP ANALYSIS

Structured assessment answers, evidence and connector data analyzed by queued AI jobs with operator review.

MODULE · M03
CONTROL MATRIX

Clause-by-clause answers, verdicts, scope filtering, cross-framework mappings and implementation tracking.

MODULE · M04
EVIDENCE VAULT

Per-clause uploads, secure downloads, signed links, evidence packs and file parsing for DOCX/PDF/MD/TXT.

MODULE · M05
SOA + REPORTS

Statement of Applicability exports, assessment reports, PDF packages and evidence bundle downloads.

MODULE · M06
POLICY TEMPLATES

126 imported policy templates with preview, clause mapping, customer requests and admin approval workflow.

MODULE · M07
POLICY TAILORING

Subscription plans, AI-assisted draft writing, markdown review, approval and monthly billing.

MODULE · M08
CONNECTORS

Implemented AWS, Google Drive and Microsoft 365/Graph connectors for evidence collection and AI gap fill.

MODULE · M09
RISK REGISTER

Risk library import, scoring, owners, treatment status and editable register records.

MODULE · M10
DORA ICT REGISTER

Supplier/provider register for DORA Article 30 with catalog support and CSV export.

MODULE · M11
PENTEST ORDERING

Operator-led engagement ordering, quote calculation, scope-based pricing and engagement placement.

MODULE · M12
PENTEST TARGETS

Target inventory, ownership verification and per-target management for security testing.

MODULE · M13
SCAN REPORTS

Pentest scan records, start/show/export flows and report output ready for backend scan import later.

MODULE · M14
NOTIFICATIONS

In-app notification bell, preferences, AI-complete and assessment-delivered notifications.

MODULE · M15
HELPDESK + SETTINGS

Customer helpdesk, FAQ, account/company settings, add-on subscriptions and onboarding wizard.

$ tormine frameworks lsreadiness · gap analysis · evidence mapping
// FRAMEWORK READINESS

One workspace, many control sets.

Tormine maps overlapping requirements once across 28 supported frameworks and 713 seeded clauses. Built for readiness and continuous gap analysis, not for issuing certifications.

Framework
Region
Clauses
Status
ISO/IEC 27001:2022
GLOBAL
140
[ SUPPORTED ]
ISO/IEC 27017:2015
GLOBAL
7
[ SUPPORTED ]
ISO/IEC 27018:2025
GLOBAL
16
[ SUPPORTED ]
ISO 22301:2019
GLOBAL
27
[ SUPPORTED ]
ISO/IEC 42001:2023
GLOBAL
37
[ SUPPORTED ]
SOC 1 / ITGC
US
12
[ SUPPORTED ]
SOC 2 TSC 2017
US
61
[ SUPPORTED ]
SOX / ICFR ITGC
US
12
[ SUPPORTED ]
SEC Cyber Disclosure
US
6
[ SUPPORTED ]
NYDFS 23 NYCRR 500
US
17
[ SUPPORTED ]
PCI DSS 4.0.1
GLOBAL
21
[ SUPPORTED ]
NIS2
EU / EE
16
[ SUPPORTED ]
DORA
EU / FIN
21
[ SUPPORTED ]
MiCA
EU
27
[ SUPPORTED ]
E-ITS
EE
111
[ SUPPORTED ]
EBA ICT Risk
EU / FIN
12
[ SUPPORTED ]
EBA Outsourcing
EU / FIN
10
[ SUPPORTED ]
TIBER-EU
EU / FIN
8
[ SUPPORTED ]
UK FCA/PRA Op Resilience
UK / FIN
9
[ SUPPORTED ]
APRA CPS 230
AU / FIN
12
[ SUPPORTED ]
APRA CPS 234
AU / FIN
20
[ SUPPORTED ]
OSFI B-13 / B-10
CA / FIN
12
[ SUPPORTED ]
MAS TRM
SG / FIN
14
[ SUPPORTED ]
HKMA TM-G-1 / OR-2
HK / FIN
12
[ SUPPORTED ]
FFIEC IT Handbook
US / FIN
12
[ SUPPORTED ]
SWIFT CSCF v2025
GLOBAL / FIN
33
[ SUPPORTED ]
BSI C5:2020
DE / CLOUD
17
[ SUPPORTED ]
BaFin BAIT
DE / FIN
11
[ SUPPORTED ]
* Tormine supports readiness, gap analysis, evidence collection and documentation. It does not issue formal certifications.
$ tormine gap-analysis --ai-assistscan complete · 03:14:08
// AI-ASSISTED GAP ANALYSIS

Answer once. Map everywhere.

Answer structured questions, upload existing evidence, or connect a system — Tormine's AI maps the input against your target frameworks, flags missing or weak controls, and proposes the next concrete action.

  • structured questionnaires per framework
  • evidence upload + automatic control tagging
  • AI-suggested remediation per gap
  • overlap detection across frameworks
$ tail control-matrix114 controls · iso 27001
COVERED
PARTIAL
GAP
N/A
$ tormine policies generate --missing9 drafts queued · review required
// AI POLICIES & DOCUMENTS

Generate the documents auditors keep asking for.

Generate individual documents or whole document sets based on your framework target, business context and identified gaps. Edit, version and approve — then map them to controls as evidence.

[+]Information Security Policy
[+]Access Control Policy
[+]Incident Response Plan
[+]Business Continuity Plan
[+]Vendor Security Policy
[+]Risk Management Procedure
[+]Asset Management Policy
[+]Acceptable Use Policy
[+]Backup and Recovery Policy
// EVIDENCE VAULT

One place every auditor's request lands.

Evidence
Source
Control
State
AWS IAM password policy.json
aws-connector
A.9.4
FRESH
Backup restore test 2026-04
upload
A.12.3
FRESH
MFA enforcement screenshot
m365
A.9.4
AGED
Incident drill minutes Q1
upload
A.16.1
FRESH
Vendor SOC 2 report — Acme
supplier
A.15.1
MISSING
$ tormine risks ls --owner allregister · v3.2
// RISK REGISTER

Risks with owners, scores and history.

ID
Risk
Sev
Status
R-014
Ransomware via phishing
HIGH
MITIGATING · j.tamm
R-021
Cloud key leakage
CRIT
OPEN · m.kask
R-009
Single supplier outage
MED
ACCEPTED · ciso
R-031
Insider data exfil
MED
MITIGATING · j.tamm
R-005
Backup not tested
LOW
TREATED · ops
$ tormine suppliers --criticalvendor oversight
// SUPPLIER REGISTER

Who you depend on — and what they hold.

Vendor
Service
Crit
Evidence
Review
AWS
infra
CRIT
DPA · SOC 2
OK
Stripe
payments
HIGH
PCI DSS
OK
Acme Helpdesk
support
MED
REVIEW
MailGorilla
email
MED
DPA
OK
Tiny LLC
consulting
LOW
NDA
EXPIRED
$ tormine pentest --engagement Q2-2026-EXTlive monitoring · findings sync
// PENTEST WORKFLOW

Pentests stop being a PDF on a shared drive.

Manage the engagement end-to-end: test process, findings, severity, affected assets, screenshots and evidence, remediation status, executive summaries — and the final report.

  1. [01] scope · assets · stakeholders
  2. [02] live finding intake
  3. [03] evidence + screenshots attached
  4. [04] remediation tracking
  5. [05] executive summary + signed report
  6. [06] findings → risk register + controls
// LIVE FINDINGS
ID
Finding
Sev
Status
F-101
SQLi · /api/v1/users
CRIT
OPEN
F-098
Stored XSS · admin panel
HIGH
IN PROGRESS
F-094
Outdated TLS on edge LB
MED
FIXED
F-088
Verbose error messages
LOW
ACCEPTED
Findings auto-link to assets, risks and the relevant ISO/NIS2/SOC 2 controls.
$ tormine scans queueorchestration · planned module
// AI-ASSISTED SCANNING

Run checks. Import scans. Close the loop.

Planned technical testing and scan orchestration: run lightweight checks, import results from external scanners, map findings to risks and controls, and track remediation alongside the rest of your posture.

SCAN QUEUE — tail
tls-checkedge.tormine.com[DONE]
dns-hygienetormine.com/*[DONE]
cloud-misconfigaws/eu-west-1[RUNNING]
secrets-scangithub/tormine/*[QUEUED]
ext-pentest-importQ2-2026.pdf[PARSING]
$ tormine connectors --listdesigned to integrate
// INTEGRATIONS

Pull evidence in — automatically.

Tormine is designed to integrate with cloud and collaboration platforms so security posture and evidence can be gathered continuously instead of chased every audit cycle.

AWS[ READY ]
iam · cloudtrail · config
Microsoft Azure[ READY ]
tenant · defender
Google Workspace[ READY ]
admin · drive · login audit
Microsoft 365[ BETA ]
entra · purview
Slack[ BETA ]
audit log · alerts
GitHub[ PLAN ]
secrets · branch policy
Jira / Linear[ PLAN ]
remediation tickets
SIEM / EDR[ PLAN ]
incident bridge
$ tormine posture --livecontinuous · not a snapshot
POSTURE
72%
iso 27001 readiness
OPEN GAPS
23
7 critical · 11 medium
POLICIES
34/41
approved & in force
EVIDENCE
218
fresh artifacts < 90d
REQUEST EARLY ACCESS
tormine.com / build list
// JOIN THE BUILD LIST

Tormine is being built. Get in early.

We're onboarding design partners: CISOs, IT managers, MSPs, security consultants and founders preparing for ISO 27001, NIS2, SOC 2 or DORA. Tell us where you are, and we'll show you what Tormine can take off your plate.

Tormine is developed and owned by WiSec OÜ. Early-access requests are addressed to info@wisec.ee.

  • > early access to modules as they ship
  • > direct line to the build team
  • > influence the roadmap
  • > founder pricing
secure channel / opens your email client