Plans your alignment. Operates your stack.
CloudSoul builds your alignment plan from your business and IT profile, then operates the security stack to deliver it 24/7. You set the target. We run the rest.
- Policies
- Controls
- Reports
- Detect
- Respond
- Recover
One platform. Two phases.
CloudSoul assesses your estate and deploys the security stack built for your environment and your target. We operate it 24/7. Compliance evidence is generated by the work itself.
Model your business
You describe the business and the estate. You pick the target, framework, or benchmark that matters. We assess where you stand, deploy the stack configured to your environment, and produce the action plan that gets you there.
Operate it continuously
CloudSoul operates your full security posture from day one. Detection, response, vulnerability management, compliance tracking. Everything runs continuously, and adapts as your business grows or the threat landscape shifts.
Profiles in. Operations out.
Two profiles describe your reality. Two operational areas keep your alignment true. The data flows between them automatically, and your plan updates with it.
Know where you stand. Prove it on demand.
Your security and compliance, organised. Risks, policies, controls, evidence and reports, all in one place. Every CloudSoul subscription includes Risk and Compliance.
Business + IT profile
The structured picture of your reality. Drives every recommendation the platform makes.
Action plan
A concrete, prioritised list of what to do to reach your target. Updates as your profile or the landscape changes.
Risk register
Configurable scoring, owners, treatment plans. Findings from operations land here automatically.
Policy library
Pre-built templates mapped to major frameworks. Versioning, approvals, attestations.
Framework mapping
One control mapped across NIS2, ISO 27001, DORA, SOC 2, GDPR. Add a framework, your controls map across.
Evidence engine + reports
Every operational action emits a signed artefact. Board pack, auditor pack, regulator submissions, generated, not assembled.
Eyes on your stack, 24/7.
Detection, response, exposure and resilience, operated by our EU SOC and fed straight back into your Risk and Compliance pillar. Included in every CloudSoul subscription.
Threat Detection & Response
SIEM + EDR + 24/7 SOC. We watch, we triage, we act. Most of the time you won't hear from us, and when you do, it's because it matters.
Exposure Management
Cloud security posture management, vulnerability scanning, patch monitoring. Find the holes before someone else does, ranked by what would actually hurt your business.
Resilience
Backup monitoring and BCP/DRP management. When the worst happens, you're already prepared. Out of the policy folder, into operational telemetry.
Supply Chain RiskSoon
Vendor assessments, posture monitoring, and supply-chain incident alerts. Your suppliers' security posture, on your dashboard, because their incident becomes your incident.
Already running a tool you trust?
If you have an incumbent SIEM, EDR, IAM, backup or training vendor you don't want to displace, we integrate it into the same evidence engine and the same plan instead of operating our own. Custom integrations are scoped per request. See how it’s priced →
Cloud-native. EU-hosted. EU-operated.
CloudSoul runs in its own EU infrastructure. Customer data stays in an EU region. Deployment is days, not quarters, no hardware on your side and no on-call rotation to staff.
Built for regulated European operators and the SMEs around them.
Your data stays in Europe.
Luxembourg-headquartered. EU-only hosting. No US Cloud Act exposure.
Operated end-to-end.
You set targets. We run the SOC, the scanners, the patches and the backup checks. Outcomes priced on a website.
On your side of the table.
We don't take vendor margins. When you need more than what we operate, we tell you what's worth it.
Common questions about the platform.
Is CloudSoul a SaaS platform or a managed service?
It is a complete SaaS platform. The 24/7 monitoring, scanning, patching and evidence collection are platform features that run automatically.
What does Risk and Compliance do?
It is one of the two platform pillars. Risk and Compliance profiles your business and IT, runs the assessment, produces the action plan, holds the evidence, and reports out. Risks, policies, controls, frameworks: all in one place.
Can I bring my existing tools (SIEM, EDR, etc.)?
Yes. If you have an incumbent SIEM, EDR, IAM, backup, or training vendor you do not want to displace, we integrate it into the same evidence engine and the same plan instead of operating our own. Custom integrations are scoped per request.
Where does my data live?
EU-only by default. CloudSoul runs in its own EU infrastructure with no US Cloud Act exposure. For operators with stricter residency requirements, hybrid and on-premise deployments are available.
What frameworks does the platform support?
NIS2 today, with ISO 27001 and DORA arriving as single-toggle additions. Once a control is mapped, it carries across frameworks, so adding ISO 27001 does not mean rebuilding your control library.
How is the platform priced?
Annual contracts with monthly billing, by employee size. Check out the pricing page, no sales gauntlet.
Do you offer a one-off security assessment?
Yes, the Security Report: a standalone audit of your cloud infrastructure, reviewed by a CISO, delivered in 48 hours. Fixed price, fixed scope. Useful for board updates, investor due diligence, or testing the waters before committing to the platform.
How does the alignment plan stay current?
The plan refreshes automatically when your business profile changes (new sites, new tooling, new headcount), when the threat landscape moves (new CVEs, new attack patterns), or when frameworks are updated. You see what needs your attention; everything else just runs.
30-minute walkthrough · No deck.