SecTepe.Core – ISMS, GRC & Compliance in one place
SecTepe.Core is a self-hosted, EU-native platform for compliance management, information security management systems and risk management. With AI-powered automation, eIDAS signatures and full data sovereignty, it supports mid-sized to large enterprises across NIS2, GDPR, ISO 27001:2022, BSI IT-Grundschutz, SOC 2, HIPAA and PCI DSS.
Supported frameworks
- NIS2
- GDPR
- ISO 27001:2022
- BSI IT-Grundschutz
- SOC 2
- HIPAA
- PCI DSS
- DORA
Modules & core capabilities
Everything you need for compliance, ISMS and security management – in a single platform.
Multi-framework assessments
Automated gap analyses, maturity models and roadmap generation across all supported frameworks.
ISMS management
Asset lifecycle, risk register, policy management, control monitoring and audit collaboration.
AI automation
Policy generation, RAG audit assistant, STRIDE threat modeling – fully self-hostable without external AI providers.
Enterprise authentication
WebAuthn/FIDO2 hardware keys, SAML 2.0 / OIDC SSO, MFA, eIDAS-compliant digital signatures.
White-label trust center
Self-hosted public compliance portal with custom domains, status pages and certificate showcase.
Threat intelligence & CTI
Malware analysis suite with YARA, Capa, ClamAV, MWDB and AssemblyLine – including MISP and OpenCTI integration.
OnlyOffice collaboration
Real-time document editing with versioning and a complete audit trail – GDPR-compliant, on-premise.
Framework change management
Automatic detection of framework updates, impact analysis and reassessment workflows.
Supplier & vendor portal
Structured third-party risk management with self-service questionnaires and evidence upload.
Technology & architecture
SecTepe.Core is built on a modern, cloud-native stack and can be deployed flexibly via Docker or Kubernetes (Helm) – on-premise or in your private cloud.
- Frontend: React 19 + TypeScript, Tailwind CSS
- Backend: Node.js / Express, PostgreSQL (Prisma ORM)
- Storage: MinIO (S3-compatible), Redis caching
- Security: Helmet, CSP, rate limiting, hardened CORS
- Integrations: ServiceNow, Jira, Confluence, Odoo, HubSpot, AWS, Azure, GCP
Why SecTepe.Core?
- ✓ Data sovereignty: 100% EU hosting, no US cloud dependency.
- ✓ Cost advantage: Typically 40–60% less than Vanta / Drata.
- ✓ No vendor lock-in: Open APIs, export formats, open-source core components.
- ✓ EU-native AI: Self-hosted LLMs possible – no data leaks to US providers.
Ready for compliance by design?
Talk to us about SecTepe.Core and discover how to take your ISMS and compliance processes to the next level.
How we work with you
We treat every engagement as a long-term partnership rather than a one-off delivery. Our approach is organised into four clear phases so that you always know what happens when, who owns which responsibility and which outcomes you can expect.
1. Free initial conversation
We learn about your starting position, your goals and the constraints you operate under. In 30 to 45 minutes we check whether our offering fits your situation, outline possible paths and answer your questions – no obligation attached.
2. Structured assessment
We capture the current state systematically – technically, organisationally and in regulatory terms. You receive a prioritised assessment that clearly names strengths, gaps and action areas and forms the basis for a robust offer.
3. Delivery with a dedicated lead
A senior lead guides you through the delivery with clear milestones, transparent effort and cost planning and a weekly status. All results are documented and remain fully owned by you.
4. Continuous operations & review
After project close, we stay alongside you in operations – via managed-service components, regular reviews, action tracking and proactive recommendations on new threats, regulatory changes or technology shifts.
Frequently asked questions about our services
The questions we are most often asked in first conversations – answered concisely. For anything else, our team is available at hello@sectepe.de or by phone at any time.
- How do we start working with SecTepe?
- All engagements start with a free initial conversation. You then receive an offer with a clear scope of effort, timeline and outcomes. On request we start with a small pilot to build trust and experience our delivery before moving into full implementation.
- What company sizes and sectors do you support?
- We work with small and mid-sized businesses as well as with corporate divisions and operators of critical infrastructure (KRITIS). Our core sectors are manufacturing, trades, healthcare, financial services, energy providers, public sector and the DACH mid-market.
- Do you work on site, remotely or hybrid?
- All three. Assessments, consulting and most managed services run remotely from our German data centres. For on-site work (workshops, training, incident response) we are primarily active in North Rhine-Westphalia, the Rhineland and the Ruhr area and extend our radius as needed.
- Which standards and regulations do you cover?
- We work to ISO 27001:2022, BSI IT-Grundschutz, TISAX, B3S KRITIS, NIS2, DORA and sector-specific requirements. Our methodology is grounded in recognised frameworks such as NIST CSF, MITRE ATT&CK, OWASP and OSSTMM, combined and tailored to each project.
- How do you protect the confidentiality of my data?
- Confidentiality is anchored contractually and technically. Before every engagement we sign a mutual non-disclosure agreement, data is processed exclusively in German data centres, access is governed by zero-trust policies with multi-factor authentication, and all employees are bound to confidentiality contractually and in line with the GDPR.