To Be Secure is a Software as a Service (SaaS) platform that provides an efficient, flexible and affordable online solution designed to support organisations in meeting the EU's cybersecurity regulatory requirements — including NIS2, CER and the EU Cybersecurity Act. Built on modern cloud infrastructure with the latest analytical technologies, including natural language processing, data visualisation and AI, To Be Secure enables organisations to manage their compliance obligations systematically and stay ahead of regulatory change — without costly system overhauls. The platform can be used as a standalone solution or integrated seamlessly with your existing IT systems.
Key features
Structured gap & risk assessment — conduct thorough gap analyses and risk assessments through guided questionnaires with conditional logic, so respondents only see questions relevant to their context. Results are analysed and visualised automatically.
AI-powered guidance and reporting — an integrated AI assistant, trained exclusively on cybersecurity legislation and best practice, helps users interpret requirements, respond to complex regulatory questions and generate audit-ready compliance reports in document format.
Real-time collaboration — multiple users can work on assessments simultaneously without data conflicts. Built-in commenting, dialogue threads and activity feeds keep teams aligned across departments and locations.
Secure data access and export — export compliance data, reports and evidence packs in Word, Excel and CSV formats, or connect to external systems via authenticated API for seamless data flows.
Full audit trail — an immutable, append-only log records every action taken in the platform — who did what and when — providing the traceability needed for regulatory review and internal audit.
Flexible organisation management— supports complex organisational structures with multiple entities, varying reporting periods and granular access control at organisation, project and survey level.
Supply chain and third-party assessment — send targeted questionnaires to suppliers and external partners directly from the platform, with automated reminders and aggregated results. Manage evidence collection and track response status across your entire supply chain.
Security
To Be Secure is designed with security and data protection at its core — a principle we apply to our own platform just as we help our clients apply it to theirs.
Security protocols
All communication is encrypted in transit using TLS (HTTPS). Data at rest is encrypted at the infrastructure level. The platform is developed and maintained in accordance with OWASP — the leading international industry standard for web application security — including protection against the OWASP Top 10 vulnerability categories. We conduct regular security reviews and updates to ensure protection against current threats. External service access is restricted to approved access paths only, and sensitive configuration information is managed through secure secrets management — no credentials are ever stored in source code or configuration files.
GDPR compliance
To Be Secure is designed to meet the requirements of the General Data Protection Regulation (GDPR). Strict data protection measures ensure that all personal data is processed lawfully, fairly and transparently. Role-based access control ensures that each user has access only to the data necessary for their function, in accordance with the principle of least privilege. All data is stored within the EU region in compliance with GDPR's geographic data residency requirements. Data subjects have the right to request access to, correction of, or deletion of their personal data at any time.
Incident management
An immutable audit log monitors system activity continuously to identify and document events relevant to data protection and security. In the event of a security incident, our incident response plan is immediately activated to ensure rapid identification, containment and recovery of system integrity. Breach reporting follows GDPR requirements, including the 72-hour notification obligation to the supervisory authority.
Hosting
To Be Secure is hosted on Google Cloud Platform (GCP), with all components placed within the EU region — ensuring full compliance with EU data residency requirements. Our SLA guarantees a minimum uptime of 99.95% per calendar month, with health monitoring and automatic restart to ensure fast recovery from any individual component failure.
Scalability and performance
The platform uses a containerised architecture that enables horizontal scaling as load increases, ensuring high performance regardless of the number of simultaneous users. Real-time functions handle concurrent sessions without performance degradation, making the platform equally responsive for a team of five or a network of hundreds.
Secure data storage and infrastructure
-
Robust and redundant object storage for all files, reports and attachments, with daily automated database backups and geographic redundancy.
-
Secure management of sensitive configuration data and service keys — no secrets stored in source code or configuration files.
-
Active protection against DDoS attacks and other network-based cyber threats.
-
All data storage restricted to the EU region to satisfy data residency requirements.
For organisations with elevated security requirements, on-premises installation is also available. We are experienced in working alongside customer security teams to agree and implement the right deployment model for your context.