Govern risk · Deliver service · Prove compliance

    A single pane of glass for risk and IT service across your organisation.

    Anzen brings your CMDB, ITSM tickets, controls, and risk register into one live picture. The moment something breaks, you see the affected business processes, exposed financial value, and who needs to act - without stitching tools together.

    All in one view
    Live risk exposureOpen incidents & issuesControl coverageImpacted business processesFinancial value at stake
    🇪🇺 EU-hosted · No US cloud · GDPR compliant
    Start your free workspaceTry the interactive demo
    Anzen Risk Register showing application-scoped risks with inherent and residual scoring, treatment strategies, and linked controls

    Your GRC stack is broken.

    Spreadsheets for risk registers. A ticketing tool that doesn't talk to your CMDB. Manual evidence collection for audits. Sound familiar?

    Security teams waste 40% of their time on tooling overhead instead of actual risk reduction.

    When an auditor asks "show me your controls," you shouldn't need three days to pull the evidence together.

    Anzen is the single pane of glass that ties your CMDB, tickets, controls, and risk register together. When a server goes down, you already see which business processes are affected, the financial value at stake, and who owns the fix - in one view.

    Risk Management

    Know your risks before they become incidents

    The Risk Register gives your organisation a structured, auditable way to identify threats, assess their impact, and track treatment - all tied to the applications and assets you already manage in Anzen.

    Per-application risk register

    Every risk is scoped to an application, so ownership is clear and nothing falls through the cracks. Score risks on likelihood and impact, link the controls that mitigate them, and watch residual scores drop as your security posture improves.

    • Inherent and residual risk scoring (likelihood x impact, 1-25)
    • Six risk categories: strategic, operational, financial, compliance, technology, reputational
    • Four treatment strategies aligned with ISO 31000: mitigate, accept, transfer, avoid
    • Link affected assets, business processes, controls, and change tickets
    • Full assessment history with field-level audit trail
    • Review scheduling with overdue alerts in the Risk Report
    Read the documentation
    Risk register showing application-scoped risks with scoring, treatment strategies, and linked controls

    Proactive risk identification

    Document threats before they materialise. Tie each risk to the application it affects for clear ownership.

    Measurable mitigation

    Compare inherent vs residual scores side by side. Heatmaps show whether your controls are actually reducing risk.

    Audit-ready history

    Every score change, status update, and ownership transfer is recorded with timestamps and user attribution.

    Review reminders

    Set review dates per risk. The Risk Report flags upcoming and overdue reviews so nothing goes stale.

    Platform Modules

    Four modules, one pane of glass

    CMDB

    Know what you have

    Everything starts with visibility. Track every asset, entity, vendor, and their relationships.

    • Business Impact Analysis - know which processes are affected when an asset fails
    • Business Process modeling with visual flow designer and CIA classification
    • Hierarchical entity structure (org → department → team)
    • Configuration Items with IP, hostname, OS, and network metadata
    Entity management view showing hierarchical organisational structure

    ITSM

    Manage incidents, problems, and changes

    A complete ticketing system purpose-built for IT operations, with full audit trails.

    INC2026000001PRB2026000001CHG2026000001
    • Incidents, Problems, and Changes - unified workflow with full audit trail
    • Self-service end-user portal for ticket submission
    • Priority, impact, and urgency scoring with automatic escalation
    • Activity timeline with comments, status changes, and linked assets
    Issue detail view with global search showing vendor and CI results across the platform

    Risk & Controls

    Quantify and govern cyber risk

    Define controls, execute tests, track issues, and see your actual risk posture in real time.

    • Real-time risk dashboard with business impact scoring
    • Risk Acceptance with mandatory review deadline and audit trail
    • Control tests with evidence collection, scheduling, and 4-eyes review
    • Issues auto-created from failed tests - linked to assets and processes
    Control detail view showing test script instructions, related assets, and test history with pass/review status

    Service Portal

    End-user self-service

    A clean portal for non-IT staff to submit requests and track issues.

    • Submit incidents and change requests with guided forms
    • Track status of submitted tickets with activity timeline
    • View and comment on assigned issues
    • Re-open resolved tickets with a reason
    Clean workspace sign-in screen with subdomain-based tenant resolution

    How it works

    Three steps to real-time risk visibility

    01

    Map your landscape

    Import or build your CMDB: entities, assets, vendors, business processes with financial values.

    02

    Define your controls

    Create controls linked to frameworks, assign owners, set test schedules, and attach them to the assets and processes they protect.

    03

    Quantify your risk

    As tests run and issues arise, the risk dashboard automatically calculates your exposure against your risk appetite. Accept, remediate, or escalate - with full traceability.

    See the full getting started guide

    Platform Capabilities

    Built for enterprise. Designed for speed.

    Fully Segregated & Protected

    Every workspace is completely isolated with its own secure data boundary. Your data stays yours - always separated, always protected.

    Custom ITSM Workflows

    Define custom status flows per ticket type. Add, remove, or rename statuses, configure allowed transitions, and set auto-assignment rules.

    Role-Based Access Control

    Single role defines CRUD permissions across multiple models. Entity-scoped permissions with hierarchy inheritance.

    Global Search

    Fuzzy search across all entity types. Results ranked by relevance with Cmd+K keyboard shortcut.

    Full Audit Trail

    Every create, update, and delete is logged with before/after values. Audit log viewer with filters.

    European Data Sovereignty

    Hosted exclusively in the EU by Dutch engineers. GDPR-compliant with full data residency guarantees. Your data never leaves Europe.

    Anzen Discovery

    Native scanner that discovers devices on your network and automatically populates your CMDB. Available for macOS and Windows.

    Pricing

    Simple, transparent pricing

    Start free with up to 5 users. Upgrade to Professional for unlimited users and advanced compliance features.

    EssentialProfessionalPopularEnterprise
    UsersUp to 5UnlimitedUnlimited
    Control TestsManagement onlyManagement + Service PortalManagement + Service Portal
    Template Library (ISO 27001, NIS2)
    Control Test Reviews (4-eyes)
    Automatic Test Scheduling & Distribution
    Evidence & Attachment Storage1 GB10 GBCustom sizing
    SSO / OIDC
    Email Notifications
    Custom ITSM Workflows
    Per-user Invoicing with PDF
    SupportDocumentation & best-effortPriority supportDedicated account manager
    PriceFree€12.99 / user / month (incl. VAT)Contact sales
    Get started freeStart ProfessionalContact sales

    Not sure yet? Try the interactive demo first →

    Trust & Sovereignty

    European-built. European-hosted. Your data stays yours.

    In a world of cross-border data flows and foreign jurisdiction risks, Anzen gives you certainty. Fully managed by Dutch engineers with infrastructure that never leaves the EU.

    Built in the Netherlands

    Anzen is designed, developed, and maintained by a Dutch engineering team. No offshore development, no third-party access to your data.

    Hosted in the EU

    All data is stored and processed on our own European infrastructure - no AWS, Azure, or Google Cloud. Full GDPR compliance with data residency guarantees.

    Data Sovereignty by Default

    Your data never leaves Europe. Tenant-isolated architecture ensures complete separation between organisations.

    "Anzen replaced our spreadsheet-based risk register, three SaaS tools, and saved us two weeks per audit cycle."

    Aligned withISO 27001NIST CSFNIS2GDPREU Data Residency

    Enterprise-ready

    Built for teams that take security seriously.

    API-first designFull OpenAPI spec - every feature accessible via REST API. Build integrations, automate workflows, and extend the platform.
    SSO / OIDCSingle sign-on via OpenID Connect. Works with Keycloak, Okta, Azure AD, and any OIDC-compliant identity provider. TOTP-based 2FA as an extra layer.
    Tenant isolationSchema-per-tenant architecture with strict data boundaries. No cross-tenant data leakage by design. Full audit trail on every action.
    Role-based access controlGranular RBAC with entity-scoped permissions and hierarchy inheritance. Define exactly who can do what, where.

    Stop managing risk in spreadsheets.

    See how Anzen can give you real-time visibility into your IT risk posture - in minutes, not months.

    Start your free workspaceTry the demo