Know exactly where you stand against every framework you need.
Manually mapping policies against ISO 27001, GDPR, NIS2, or SOC 2 in a spreadsheet takes days and goes stale the moment a framework updates. BastionIQ's AI reviews your actual documents and tells you the gaps — in minutes.
Compliance frameworks move faster than manual reviews can keep up.
Point-in-time spreadsheet audits are slow, inconsistent between reviewers, and outdated the moment a policy or a framework changes. Most teams only find the gaps when a customer questionnaire or an actual auditor finds them first. BastionIQ turns assessment into something you can rerun whenever a policy changes, not just once a year under deadline pressure.
Bastion Assess covers the frameworks your auditor, insurer, or regulator cares about.
From document upload to gap analysis
Choose a framework
Select from ISO 27001, ISO 22301, SOC 2, GDPR Art. 32, NIS2, NIST CSF, PCI DSS, NCSC CAF, DRII, Cyber Essentials, and more.
AI reviews your documents
BastionIQ reads your existing policies and evidence from the Vault and compares them against the framework's actual control requirements.
Get a gap analysis
See exactly which controls are met, partially met, or missing — in plain English, not audit-speak.
Reassess after every change
Update the policy, rerun the assessment, and see the gap close — no fixed annual cycle.
What Bastion Assess includes
10+ supported frameworks
ISO 27001, ISO 22301, SOC 2, GDPR, NIS2, NIST CSF, PCI DSS, NCSC CAF, DRII, Cyber Essentials.
AI-driven gap analysis
Automated comparison of your actual documents against control requirements, not a generic checklist.
Plain-English recommendations
Specific, actionable fixes for every gap — no compliance jargon to decode.
Rerun anytime
Reassess after every policy update to confirm the gap actually closed.
Feeds your evidence pack
Assessment results link directly into the same audit trail as your Plans and Vault documents.
anytime
Reassess as often as you need — not once a year.
Bastion Assess is included in every paid plan. Rerun it after every policy change, every framework update, or every new customer questionnaire. The cost of a compliance gap found by an auditor is always higher than the cost of finding it yourself.
Find your gaps before your auditor does.
Bastion Assess is included in every paid plan. Built-in AI included — or connect your own Anthropic key.