Bastion Assess

Know exactly where you stand against every framework you need.

Manually mapping policies against ISO 27001, GDPR, NIS2, or SOC 2 in a spreadsheet takes days and goes stale the moment a framework updates. BastionIQ's AI reviews your actual documents and tells you the gaps — in minutes.

Book a walkthrough
The problem

Compliance frameworks move faster than manual reviews can keep up.

Point-in-time spreadsheet audits are slow, inconsistent between reviewers, and outdated the moment a policy or a framework changes. Most teams only find the gaps when a customer questionnaire or an actual auditor finds them first. BastionIQ turns assessment into something you can rerun whenever a policy changes, not just once a year under deadline pressure.

Bastion Assess covers the frameworks your auditor, insurer, or regulator cares about.

ISO 27001ISO 22301SOC 2GDPR Art. 32NIS2NIST CSFPCI DSSNCSC CAFDRIICyber Essentials
How it works

From document upload to gap analysis

01

Choose a framework

Select from ISO 27001, ISO 22301, SOC 2, GDPR Art. 32, NIS2, NIST CSF, PCI DSS, NCSC CAF, DRII, Cyber Essentials, and more.

02

AI reviews your documents

BastionIQ reads your existing policies and evidence from the Vault and compares them against the framework's actual control requirements.

03

Get a gap analysis

See exactly which controls are met, partially met, or missing — in plain English, not audit-speak.

04

Reassess after every change

Update the policy, rerun the assessment, and see the gap close — no fixed annual cycle.

Capabilities

What Bastion Assess includes

10+ supported frameworks

ISO 27001, ISO 22301, SOC 2, GDPR, NIS2, NIST CSF, PCI DSS, NCSC CAF, DRII, Cyber Essentials.

AI-driven gap analysis

Automated comparison of your actual documents against control requirements, not a generic checklist.

Plain-English recommendations

Specific, actionable fixes for every gap — no compliance jargon to decode.

Rerun anytime

Reassess after every policy update to confirm the gap actually closed.

Feeds your evidence pack

Assessment results link directly into the same audit trail as your Plans and Vault documents.

About AI usageStart immediately with BastionIQ's built-in AI — no separate vendor account needed. Connect your own Anthropic API key for unmetered usage as you scale.
Rerun
anytime

Reassess as often as you need — not once a year.

Bastion Assess is included in every paid plan. Rerun it after every policy change, every framework update, or every new customer questionnaire. The cost of a compliance gap found by an auditor is always higher than the cost of finding it yourself.

Find your gaps before your auditor does.

Bastion Assess is included in every paid plan. Built-in AI included — or connect your own Anthropic key.

Book a walkthrough