Kertos
Compliance automation platform for GDPR, ISO 27001, TISAX, SOC2, and AI governance

Kertos Description
Kertos is a compliance automation platform designed to help organizations manage privacy, information security, and AI governance requirements.

The platform provides a Privacy Management System (PMS) for GDPR compliance, including automated data subject access request (DSAR) processing, Records of Processing Activities (RoPA), Transfer Impact Assessments (TIA), Data Protection Impact Assessments (DSFA), and policy management capabilities.

For information security, Kertos offers a certifiable Information Security Management System (ISMS) supporting ISO 27001, TISAX, and SOC2 frameworks. The platform includes risk management, asset management, vendor management, and a trust center for displaying certifications to customers.

The platform features Shadow IT Discovery for identifying data sources in real-time without code, automated policy creation using templates or a policy generator, and employee training modules for GDPR, data protection, and information security best practices.

Kertos includes an AI Management System (AIMS) for ISO 42001 and EU AI Act compliance, with AI inventory management, AI risk assessment capabilities, and AI-specific employee training. The platform offers an external Data Protection Officer service and integrates with existing tools.

The solution targets scale-ups, B2C and B2B companies, mid-sized businesses, and specific industries including healthtech, fintech, and SaaS providers. Kertos supports compliance with DORA, NIS2, GDPR, EU AI Act, ISO 27001, ISO 42001, ISO 27701, SOC2, and TISAX frameworks.
Kertos FAQ
Common questions about Kertos including features, pricing, alternatives, and user reviews.
Kertos is a compliance automation platform for GDPR, ISO 27001, TISAX, SOC2, and AI governance, developed by Kertos. It is a GRC solution designed to help security teams with ISMS.