Governance, Risk & Compliance; Privacy & Data Governance

Formalize

European compliance operations platform unifying whistleblowing, risk, policy, and framework management for NIS2, DORA, ISO 27001, and GDPR.

Modular GRC Suite

Formalize Overview

Formalize is a governance, risk, and compliance (GRC) platform that consolidates compliance work for multiple European regulations into one connected system. Its distinctive approach is a shared control and evidence layer: a single control or evidence artifact maps across overlapping frameworks such as NIS2, the Digital Operational Resilience Act (DORA), ISO 27001, and the General Data Protection Regulation (GDPR), so teams document a requirement once and reuse it across audits instead of maintaining separate spreadsheets per regulation.

The platform ships prebuilt framework packages with predefined controls and policy templates, for example 118 controls and 15 policy templates for DORA and 93 controls for ISO 27001, that teams adapt through configurable workflows for evidence collection, approval routing, and governance reporting. Risk registers track inherent, residual, and target scores against defined risk appetite thresholds, and incidents link directly to the risks they affect. Separate privacy tooling manages records of processing activities and data subject requests, while a distinct whistleblowing product handles anonymous case intake.

Formalize holds ISO/IEC 27001:2022 certification issued by Intertek and undergoes annual ISAE 3000 Type 2 data-protection auditing and external penetration testing, with data hosted on ISO 27001-certified AWS infrastructure in Frankfurt. Founded in 2021 and headquartered in Aarhus, Denmark, the company serves more than 8,000 organizations across 80-plus countries and was selected as Spain's national whistleblowing authority. It raised a €30 million Series B round in 2025.

Key Capabilities

mapped to solution categories
Modular GRC Suite

Ships ready-to-use templates for frameworks such as SOC 2, ISO 27001, NIST CSF, HIPAA, PCI DSS, FedRAMP, and GDPR, with template breadth and update cadence varying by product.

Supports configuration of assessment questionnaires, evidence collection workflows, approval routing, and report templates without professional services or platform code changes.

Provides APIs and pre-built connectors for pulling evidence artifacts automatically from SIEM, cloud platforms, HR systems, and ticketing tools, reducing manual evidence collection.

Compliance

certifications
GDPR, ISO/IEC 27001:2022

Integrations

compatible tools
Microsoft Azure, Microsoft Outlook

Implementation & support

Deployment model
Cloud, SaaS
Pricing structure
Free Trial, Subscription
Support channels
Email Support, Enterprise SLA, Help Center

Info last updated on June 25, 2026