CloudSoul
The platform

Plans your alignment. Operates your stack.

CloudSoul builds your alignment plan from your business and IT profile, then operates the security stack to deliver it 24/7. You set the target. We run the rest.

See pricing
Your company profile
Business · IT
Compliance Automation
  • Policies
  • Controls
  • Reports
Security Operations
  • SIEM
  • Scanners
  • Alerts
How it works

One platform. Two phases.

CloudSoul gets you aligned with your target, then operates everything that needs operating, so the alignment stays true. The plan refreshes itself when your business shifts or the threat landscape moves.

Phase 1

Alignment

You tell us about the business and the IT estate. You pick a target, a framework, or an industry benchmark. We assess where you stand and produce the action plan that gets you there: the controls to use, the risks to watch, the alerts tuned to you.

Phase 2

Operations

Our 24/7 SOC takes over. We monitor, triage, and act on signals from the operated stack. Your action plan stays current as the business grows, the tooling changes, or new threats appear. You see what needs your attention. Everything else just runs.

Inside the platform

Profiles in. Operations out.

Two profiles describe your reality. Two operational areas keep your alignment true. The data flows between them automatically, and your plan updates with it.

PROFILE · 01 Business profile Sectors, size, geography, your target. PROFILE · 02 IT profile Cloud, on-prem, tooling, data sources. OPERATIONS · 01 Compliance Frameworks, controls, evidence, reports. OPERATIONS · 02 Security SOC, scans, patches, alerts, response.
Compliance Core

Know where you stand. Prove it on demand.

Your security and compliance, organised. Risks, policies, controls, evidence and reports, all in one place. Every CloudSoul subscription includes the Compliance Core.

C01

Business + IT profile

The structured picture of your reality. Drives every recommendation the platform makes.

C02

Action plan

A concrete, prioritised list of what to do to reach your target. Updates as your profile or the landscape changes.

C03

Risk register

Configurable scoring, owners, treatment plans. Findings from operations land here automatically.

C04

Policy library

Pre-built templates mapped to major frameworks. Versioning, approvals, attestations.

C05

Framework mapping

One control mapped across NIS2, ISO 27001, DORA, SOC 2, GDPR. Add a framework, your controls map across.

C06

Evidence engine + reports

Every operational action emits a signed artefact. Board pack, auditor pack, regulator submissions, generated, not assembled.

Security Operations

Eyes on your stack, 24/7.

Detection, response, exposure, resilience and the human layer, operated by our EU SOC and fed straight back into your Compliance Core. Included in every CloudSoul subscription.

S01

Threat Detection & Response

SIEM + EDR + 24/7 SOC. We watch, we triage, we act. Most of the time you won't hear from us, and when you do, it's because it matters.

S02

Exposure Management

Cloud security posture management, vulnerability scanning, patch monitoring. Find the holes before someone else does, ranked by what would actually hurt your business.

S03

Resilience

Backup monitoring and BCP/DRP management. When the worst happens, you're already prepared. Out of the policy folder, into operational telemetry.

S04

Supply Chain RiskSoon

Vendor assessments, posture monitoring, and supply-chain incident alerts. Your suppliers' security posture, on your dashboard, because their incident becomes your incident.

S05

Human RiskSoon

Phishing simulation, training tracking, board-level NIS2 training. Your weakest link, instrumented, so "the human factor" stops being your audit weak spot.

Already running a tool you trust?

If you have an incumbent SIEM, EDR, IAM, backup or training vendor you don't want to displace, we integrate it into the same evidence engine and the same plan instead of operating our own. Custom integrations are scoped per request. See how it’s priced →

Deployment

Cloud-native. EU-hosted. EU-operated.

CloudSoul runs in its own EU infrastructure. Customer data stays in an EU region. Deployment is days, not quarters, no hardware on your side and no on-call rotation to staff.

Why CloudSoul

Built for regulated European operators and the SMEs around them.

Your data stays in Europe.

Luxembourg-headquartered. EU-only hosting. No US Cloud Act exposure.

Operated end-to-end.

You set targets. We run the SOC, the scanners, the patches and the backup checks. Outcomes priced on a website.

On your side of the table.

We don't take vendor margins. When you need more than what we operate, we tell you what's worth it.

FAQ

Common questions about the platform.

Is CloudSoul a SaaS platform or a managed service?

It is a complete SaaS platform. The 24/7 monitoring, scanning, patching and evidence collection are platform features that run automatically.

What does the Compliance Core do?

It is the brain of the platform. The Core profiles your business and IT, runs the assessment, produces the action plan, holds the evidence, and reports out. It is also where compliance lives: risks, policies, controls, frameworks, all in one place.

Can I bring my existing tools (SIEM, EDR, etc.)?

Yes. If you have an incumbent SIEM, EDR, IAM, backup, or training vendor you do not want to displace, we integrate it into the same evidence engine and the same plan instead of operating our own. Custom integrations are scoped per request.

Where does my data live?

EU-only by default, with primary residency in Luxembourg. CloudSoul runs in its own EU infrastructure with no US Cloud Act exposure. For operators with stricter residency requirements, hybrid and on-premise deployments are available.

What frameworks does the platform support?

NIS2 today, with ISO 27001 and DORA arriving as single-toggle additions. Once a control is mapped, it carries across frameworks, so adding ISO 27001 does not mean rebuilding your control library.

How is the platform priced?

Annual contracts with monthly billing, by employee tier. You add modules à la carte. List prices are public on the pricing page, no sales gauntlet.

Do you offer a one-off security assessment?

Yes, the Security Report: a standalone audit of your cloud infrastructure, reviewed by a CISO, delivered in 48 hours. Fixed price, fixed scope. Useful for board updates, investor due diligence, or testing the waters before committing to the platform.

How does the alignment plan stay current?

The plan refreshes automatically when your business profile changes (new sites, new tooling, new headcount), when the threat landscape moves (new CVEs, new attack patterns), or when frameworks are updated. You see what needs your attention; everything else just runs.

A platform you can operate. A plan you can audit. One product that runs them both.
See pricing

30-minute walkthrough · No deck.