New: TISAX 6.0 & NIS2 obligations from 2026

One tool for
GDPR · ISO 27001 · LkSG · NIS2 · TISAX

We know how frustrating compliance can be — Excel spreadsheets, scattered folders, audit weeks full of stress. Aldric unifies all regulatory requirements in one modular platform.

No credit card · Hosted in Germany · Live in 14 days
[Product dashboard preview (app.aldric.eu/dashboard) with sample data. Panels: Compliance score (data protection, contracts, risks, training); Upcoming deadlines; Data protection impact assessment (Art. 35 GDPR); Record of processing activities (Art. 30 GDPR); Data subject requests (Art. 15–22 GDPR, 30-day deadline); Retention periods and deletion concepts; Consent register; Policies & training; Risk register; TOM management (Art. 32 GDPR, ISO 27001 A.5–A.8); Incident management (72-hour notification duty, Art. 33 GDPR); Whistleblower system (HinSchG, anonymous); ISMS overview (ISO 27001:2022, 93 controls).]
Supports 5 frameworks
EU GDPR · ISO 27001 · LkSG · NIS2 · TISAX + HinSchG + DORA 2026
We know the problem

Compliance feels like a full-time job nobody wants.

01
Excel chaos
Processing records in spreadsheets, TOMs in Word, contracts by email. Nobody can find the current version.
02
Audits = weeks of overtime
Three days before the audit: frantic search for evidence, emails from 2023, missing signatures.
03
Five frameworks, five tools
One tool for GDPR, another for ISO 27001, a consultant for supply chain. And none of them talk to each other.
04
No one sees the status
Management asks: "Are we compliant?" — and nobody can really answer that.

One Platform. All Frameworks. Modular like building blocks.

Modular

12+ modules. You choose what you need today — and add more as you grow.

Automated

Workflows, deadlines, reminders. The 72-hour deadline for data breaches? Aldric will wake you up in time.

Audit-ready

Complete audit trail, revision-proof documentation. Export as PDF at the push of a button — whenever the auditor asks.

Multi-Framework

A measure that satisfies GDPR and ISO 27001? Aldric links them automatically. No duplicate effort.

From spreadsheet chaos to audit-ready in 14 days.

01

Select modules

DPIA
Art. 30
TOM
ISMS
02

Capture data

CRM System
HR Tool
Newsletter
03

Automate

⏰ TOM review in 14 days
🔔 DPA expires in 30 days
04

Audit-ready

ISO-27001-Audit_2026.pdf
14 pages · 47 evidence items
12+ Modules

One for every requirement. Combine as you like.

From data protection to ISMS to supply chain compliance. Each module works standalone — together they form a complete compliance system.

View all modules →
Frameworks

One data model. Multiple standards.

A single TOM measure often satisfies both GDPR Art. 32 and ISO 27001 A.8. Aldric maps that automatically — maintain once, report multiple times.

~62%
controls overlap
maintain, 5× compliant
  • EU-GDPR (General Data Protection Regulation): DPIA, Art. 30, TOM, DSAR, +3
  • ISO 27001 (Information Security Management System): ISMS, TOM, BCM, Policies
  • LkSG (German Supply Chain Due Diligence Act): Supplier Risk, Incidents
  • NIS2 (EU Directive on Cybersecurity): ISMS, Incidents, BCM
  • TISAX (Automotive Information Security): ISMS, TOM, Supplier Risk

Aldric adapts to you. Not the other way around.

Before, I had 14 Excel files for Art. 30. Now I update once — and management sees the status live.
— Data Protection Officer, Mid-size company
Maintain processing register centrally
DPIA workflow with risk matrix
Handle data subject requests on time
Distribute and track training
12+ modules · 5 frameworks · 14 days to go live · 100% hosted in Germany

Two Editions. One goal: Clarity.

For companies

Company Edition

For companies managing compliance internally — from mid-size businesses to enterprises.

  • All 12+ modules
  • Seat-based billing
  • SSO / OIDC integration
  • Role-based access control
  • SLA incl. 99.9% uptime
View pricing →
For consultants

Provider Edition

For consultants and service providers managing multiple clients.

  • Multi-client management
  • White-label options
  • Cross-client dashboard
  • Reseller & partner model
  • Dedicated partner manager
Become a partner →
Security first

A compliance platform must itself be compliant.

Aldric runs on German servers, uses state-of-the-art encryption, and is itself operated to ISO 27001 standards.

🇩🇪
Hosted in Germany
ISO-27001-certified data centers in Frankfurt and Berlin.
🔐
AES-256 Encryption
Data at rest and in transit. End-to-end for sensitive fields.
📋
ISO-27001-operated
We practice what we preach. External audit annually.
🔑
SSO & MFA
OIDC, SAML, TOTP. Granular roles and audit trails.
FAQ

What we're often asked.

More questions? Write to us.

How quickly can we go live?
Most customers start productively within 7–14 days. With the onboarding assistant, you can import existing Excel records directly — no data loss.
Can we start with just one module?
Yes. Many begin with DPIA + Art. 30 and add ISMS or LkSG later. The modules talk to each other as soon as you activate them.
How does the multi-framework mapping work?
A TOM measure is maintained once and automatically assigned to ISO 27001 controls, GDPR Art. 32 and TISAX requirements.
Where is our data stored?
Exclusively in ISO-27001-certified data centers in Germany (Frankfurt & Berlin). No data transfer to third countries without your explicit consent.
What does Aldric cost?
Modular pricing. The Company Edition is seat-based starting with the first module. The Provider Edition charges per client. Exact pricing in a demo call.
Do we get help with setup?
Yes. Every customer receives an onboarding manager. For larger setups, we work with certified partners.
Ready?

Enough with Excel compliance.
Start with clarity.

14 days free. No credit card. No commitment.

Live in 14 days · Hosted in Germany · Personal onboarding manager