NRXNRX

Compliance, finally Compliance, finally calm. And boring. And automatic. And archived.

NRX turns the chaos of spreadsheets, screenshots, and Slack threads into one workspace for incidents, assets, people, and controls — purpose-built for teams shipping toward SOC 2, ISO 27001, and GDPR.

Start free for 14 daysTake the tour
No credit card · Audit-ready demo data · Cancel anytime

A week in compliance. Before NRX, and after.

Most compliance programs aren’t broken by bad people — they’re broken by Monday morning. Here’s what one week looks like, on both sides of NRX.

01
MON
09:14

Six tabs. Three spreadsheets.
A folder named audit-final-v3-FINAL.zip.

Compliance hasn’t lived in one place since the day you got hired. Every Monday is a fresh treasure hunt.

compliance-toolspreadsheet-q4policies-docdrive/evidencevendor-portalslack-searchaudit-final-v3-FINAL.zip
02
TUE
11:47

Someone changed an IAM policy.
Nobody remembers who.

Three weeks ago the audit log moved to a new tool. The Slack history is somewhere in the exports folder.

$ grep -r "who changed iam policy" ./slack-export-2026-Q1/
./slack-export/general/2026-02-14.txt:14223: > @daniel: anyone touch the s3 policy?
./slack-export/dms/alex-jordan.txt:0921: > jl: i’ll check tomorrow
./slack-export/general/2026-02-17.txt:14994: [no further matches]
$
03
WED
14:12

Half your assets are stale.
You don’t know which half.

The inventory hasn’t been touched since the last audit. Two new services launched. No one owns them.

AST-001Customer Portal2 weeks ago
AST-008Marketing Website!9 months ago
AST-013Vendor: Stripe1 month ago
AST-019Internal Wiki!11 months ago
AST-024Legacy Billing Service!14 months ago
04
THU
16:33

You switch to NRX.

Inventory imports from your cloud. Controls map themselves to ISO 27001 and SOC 2. Owners get notified.

Workspace ready5m setup
Inventory imported8 assets
Controls mapped142 / 142
Owners assigned10 people
Continuous monitoringlive
05
FRI
17:01

It already happened.

The evidence was collected in real time. The auditor signed in to a read-only seat. You went home at 5.

SOC 2 Type II · Passed
Audit complete
0 exceptions · evidence collected continuously
Issued
May 18, 2026

Product tour

One workspace. Four pillars. Built to work as one.

01 · Incidents

Capture every signal as it happens.

From a customer report to an automated alert, every signal becomes a tracked incident with severity, owner, and an immutable timeline.

  • Status & severity at a glance
  • Linked to assets and controls
  • Auto-generated audit timeline
app.nrx.io/incidents
Incidents
24 active · sorted by severity
INC-236
Phishing campaign targeting finance
0 credentials compromised
Monitoring
INC-241
Primary database latency spike
3 services affected · investigating
Monitoring
INC-239
TLS cert expiring on api-gw
All external API traffic at risk
Triage
INC-240
Suspicious login investigation
47 accounts flagged · MFA enforced
Investigating
INC-237
Unencrypted S3 bucket detected
Resolved · encryption enforced
Resolved
02 · Assets

Know what you own — and what’s at risk.

Inventory every system, database and vendor with CIA ratings, owners and the controls they’re covered by. Always live, never stale.

  • Classification & criticality scoring
  • Owner + custodian assigned
  • Continuous review cadence
app.nrx.io/assets
Assets
8 tracked · 3 restricted · review due in 2 weeks
Primary Database
NRX-DATA-001 · Database
Restricted
Customer Portal
NRX-APP-001 · Software
Confidential
AWS Production Account
NRX-INFRA-AWS · Infrastructure
Confidential
HR Records Repository
NRX-INFO-HR · Information
Restricted
Payments Vendor
NRX-VEN-PAY · Vendor
Confidential
03 · People

Right person, right access, right time.

Run access reviews on a recurring cadence. See who touches what, force MFA, and revoke instantly when someone leaves.

  • Role-based access reviews
  • MFA & SSO enforcement
  • Lifecycle from invite to off-boarding
app.nrx.io/people
People
10 members · 80% MFA · 1 invite pending
AWOwner
Alex Walker
Security Lead
JLAdmin
Jordan Lee
Operations Manager
DPAdmin
Daniel Park
Platform Engineer
ARAdmin
Aisha Rahman
HR Director
HTMember
Hiro Tanaka
Backend Engineer
RCMember
Riley Chen
Brand Designer
04 · Controls

Every framework, every control, one source.

Map your work once. We re-use it across ISO 27001, SOC 2, GDPR and HIPAA so a single piece of evidence covers many obligations.

  • Cross-framework mapping
  • Live coverage percentages
  • Auditor-friendly export
app.nrx.io/controls
Controls
ISO 27001 · 142 controls · 138 passing · 4 in progress
A.5.7Threat intelligence100%Passing
A.5.9Inventory of information96%Passing
A.5.15Access control84%In progress
A.5.30ICT readiness for continuity92%Passing
A.8.6Capacity management100%Passing
A.8.13Information backup70%In progress
A.8.24Use of cryptography98%Passing

Pick the size of your story. Pay only for the chapter you’re in.

Start free while you build the foundation. Upgrade when audits arrive. Plans pulled live from our system — no surprise asterisks.

Need a custom plan, on-prem deployment, or compliance-specific terms? Talk to sales →

Honest answers, before you ask.

The things people always email us about, right here in plain text.

Your audit week starts Monday. Or Friday. Up to you.

Start free with audit-ready demo data. Wire up your real evidence when you’re ready — in days, not quarters.

Start 14-day free trialBook a demo

No credit card · Cancel anytime · Audit-ready demo data