Govern risk · Deliver service · Stay secure

    One platform. Complete control over IT risk and service delivery.

    Anzen® brings ITSM, risk management, and compliance into a single pane of glass — so your team can manage incidents, track controls, and quantify cyber risk without juggling five different tools.

    Fully managed and hosted in the EU. Built by Dutch engineers. Your data never leaves Europe.

    Start your free workspaceSee how it works →
    Anzen Risk Report dashboard showing risk appetite usage gauge at 80%, severity breakdown, and active risk items table with exposure values

    Your GRC stack is broken.

    Spreadsheets for risk registers. A ticketing tool that doesn't talk to your CMDB. Manual evidence collection for audits. Sound familiar?

    Security teams waste 40% of their time on tooling overhead instead of actual risk reduction.

    When an auditor asks "show me your controls," you shouldn't need three days to pull the evidence together.

    Platform Modules

    Everything your security team needs

    CMDB

    Know what you have

    Everything starts with visibility. Track every asset, entity, vendor, and their relationships.

    • Configuration Items with IP, hostname, OS, and network metadata
    • Hierarchical entity structure (org → department → team)
    • Vendor and device type catalog
    • Business Process modeling with visual flow designer
    • Business Impact Analysis with financial value tracking
    • Full-text search across all assets and relationships
    Entity management view showing hierarchical organisational structure

    ITSM

    Manage incidents, problems, and changes

    A complete ticketing system purpose-built for IT operations, with full audit trails.

    INC2026000001PRB2026000001CHG2026000001
    • Incidents — triage with priority, impact, and urgency scoring
    • Problems — track root causes across multiple incidents
    • Change Requests — structured approval workflow
    • Human-readable ticket IDs
    • Reporter and assignee tracking with activity timeline
    • Self-service end-user portal for ticket submission
    Issue detail view with global search showing vendor and CI results across the platform

    Risk & Controls

    Quantify and govern cyber risk

    Define controls, execute tests, track issues, and see your actual risk posture in real time.

    • Controls with test scripts, scheduling, and framework references
    • Control Tests — pass/fail/N/A with evidence and review sign-off
    • Issues — automatic creation from failed tests with full lifecycle
    • Risk Acceptance with mandatory review deadline
    • Real-time risk appetite utilization dashboard
    • Configurable risk factors per severity level
    Control detail view showing test script instructions, related assets, and test history with pass/review status

    Service Portal

    End-user self-service

    A clean portal for non-IT staff to submit requests and track issues.

    • Submit incidents and change requests with guided forms
    • Track status of submitted tickets with activity timeline
    • View and comment on assigned issues
    • Re-open resolved tickets with a reason
    Clean workspace sign-in screen with subdomain-based tenant resolution

    How it works

    Three steps to real-time risk visibility

    01

    Map your landscape

    Import or build your CMDB: entities, assets, vendors, business processes with financial values.

    02

    Define your controls

    Create controls linked to frameworks, assign owners, set test schedules, and attach them to the assets and processes they protect.

    03

    Quantify your risk

    As tests run and issues arise, the risk dashboard automatically calculates your exposure against your risk appetite. Accept, remediate, or escalate — with full traceability.

    Platform Capabilities

    Built for enterprise. Designed for speed.

    Fully Segregated & Protected

    Every workspace is completely isolated with its own secure data boundary. Your data stays yours — always separated, always protected.

    SAST-Secured Pipeline

    Static application security testing integrated into every build. Vulnerabilities are caught before code reaches production.

    Role-Based Access Control

    Single role defines CRUD permissions across multiple models. Entity-scoped permissions with hierarchy inheritance.

    Global Search

    Fuzzy search across all entity types. Results ranked by relevance with Cmd+K keyboard shortcut.

    Full Audit Trail

    Every create, update, and delete is logged with before/after values. Audit log viewer with filters.

    European Data Sovereignty

    Hosted exclusively in the EU by Dutch engineers. GDPR-compliant with full data residency guarantees. Your data never leaves Europe.

    Pricing

    Simple, transparent pricing

    Start free with up to 5 users. Upgrade to Professional for unlimited users and advanced compliance features.

    StarterProfessionalPopularEnterprise
    UsersUp to 5UnlimitedUnlimited
    ModulesAll modulesAll modulesAll modules
    Risk ReportingBasicFull + Custom factorsFull + API access
    Control TestsManagement onlyManagement + Service PortalManagement + Service Portal
    Template Library (ISO 27001, NIS2)
    Control Test Reviews (4-eyes)
    Scheduled Control Tests
    Evidence Storage1 GB10 GBUnlimited
    SSO / OIDC
    Email Notifications
    Per-user Invoicing with PDF
    SupportCommunityEmailDedicated
    PriceFree€12.99 / user / month (incl. BTW)Contact sales

    Trust & Sovereignty

    European-built. European-hosted. Your data stays yours.

    In a world of cross-border data flows and foreign jurisdiction risks, Anzen gives you certainty. Fully managed by Dutch engineers with infrastructure that never leaves the EU.

    Built in the Netherlands

    Anzen is designed, developed, and maintained by a Dutch engineering team. No offshore development, no third-party access to your data.

    Hosted in the EU

    All data is stored and processed on our own European infrastructure — no AWS, Azure, or Google Cloud. Full GDPR compliance with data residency guarantees.

    Data Sovereignty by Default

    Your data never leaves Europe. Tenant-isolated architecture ensures complete separation between organisations.

    "Anzen replaced our spreadsheet-based risk register, three SaaS tools, and saved us two weeks per audit cycle."

    ISO 27001NIST CSFSOC 2NIS2GDPREU Data Residency

    For the CTO

    Enterprise capabilities. Zero legacy baggage.

    API-first designFull OpenAPI spec — every feature accessible via REST API. Build integrations, automate workflows, and extend the platform without limitations.
    Two-factor authenticationTOTP-based 2FA with support for Google Authenticator, FreeOTP, and 2FAS. Protect every account with an extra layer of security.
    SSO / OIDCSingle sign-on via OpenID Connect. Works with Keycloak, Okta, Azure AD, and any OIDC-compliant identity provider.
    JWT-based authStateless authentication with short-lived tokens and purpose-scoped challenge tokens for sensitive operations like 2FA.
    Tenant isolationEvery workspace is fully isolated with strict data boundaries. No cross-tenant data leakage by design.
    Transactional emailBuilt-in email notifications for ticket and issue updates, password resets, and email verification — with per-user opt-out.
    Full audit trailEvery create, update, and delete is logged with before/after values, user identity, and timestamp. Tamper-proof by default.
    Role-based accessGranular RBAC with entity-scoped permissions and hierarchy inheritance. Define exactly who can do what, where.

    Stop managing risk in spreadsheets.

    See how Anzen can give you real-time visibility into your IT risk posture — in minutes, not months.

    Start your free workspaceSchedule a demo