devguard is the native ISMS workspace for keeping an organisation audit-ready — coverage, versioned policies, reviews, audits and ten auditor reports, your method on top. Whether you run one company’s compliance, many clients’, or keep evidence next to the code, you start from the same workspace. Swiss-hosted, German and English, on-prem possible. Pick the path that sounds like you.
The same workspace underneath, a different job on top. Pick the path that matches how you run compliance — each one is honest about exactly what devguard does and doesn’t do.
You run compliance for other companies. Every client mandate in one workspace, each client isolated — we don’t consult and we don’t resell.
You hold or are earning a certificate. Stay audit-ready year-round — the gap list months out, not the week before.
Your evidence lives miles from your code. Bring it next to the work in GitHub, GitLab, Jira and Slack, connected through tools you control.
More than one fits? Most conversations start that way. Pick the one closest to this week — the path only changes what we talk about first, not what you get.
Not a metrics wall (we're early; we won't invent numbers). The differentiators we can stand behind today:
The ISMS core is the product — coverage, policies, reviews, audits and reports in one workspace, not a separate invoice each.
You control where the data sits, in German and English, and it exports in full whenever you ask.
Your structure and process stay yours; devguard is where the work lives, whether that’s one company or many clients.
Evidence flows from the tools you connect, and your policies stay yours to write. We only claim the integrations we actually ship — cloud auto-collection is on the roadmap, not dressed up as done.
Hosted in Switzerland by default, on-prem possible, German and English throughout — so when a client, customer or auditor asks where the compliance evidence sits, you have a precise answer. Your data exports in full, any time.
No empty workspace handed over. Whatever you’re moving, whether your own ISMS, a client’s, or an existing setup in spreadsheets, Confluence or another tool, we migrate the first one into devguard ourselves, on a fixed scope and a fixed date. Nothing is switched over until you’ve checked it side by side. Then you run from there, and your data exports in full whenever you want it.
We agree exactly what the first migration covers, which frameworks and how much evidence, so there’s no open-ended engagement.
The founder moves the ISMS from wherever it lives today, whether another tool, spreadsheets, Word or Confluence, on an agreed schedule, not a ticket queue.
You check the auditor-facing trail side by side. When you’re satisfied it’s intact, you’re live and you run from there.
If you run compliance for other companies as a consultancy, vCISO or MSP, start with the consultancies path. If you hold or are earning a certificate for your own company, start with certified companies. If your priority is keeping evidence next to your code in GitHub, GitLab, Jira and Slack, start with engineering. They’re the same workspace seen through a different job — the page just leads with the one you’ll care about first.
Common, and fine — a CTO who also holds the certificate, or a consultancy whose own company is certified too. Pick the path that matches the job you’re solving first; nothing about the product changes between them. We’ll sort out the rest in the conversation.
There’s no published number, because the right price depends on which path you’re on and your setup — per client for a consultancy, per organisation for a single company. We work it out together in the conversation, and once it’s set, it isn’t re-negotiated against you later.
Hosted in Switzerland by default, in German and English, with on-prem possible — so you have a precise answer when a client, customer or auditor asks where the evidence sits. No lock-in by design: your policies, evidence and history export in full at any time.
Both, in order. We hand-migrate the first ISMS into devguard ourselves, fixed scope, fixed date, founder-run, and nothing switches over until you’ve verified it side by side. After that you run the workspace yourself, and the migration is the on-ramp, not a consulting line we’re building.
A short conversation, peer to peer — not a sales demo. Tell us how compliance works for you today, and we’ll be straight about whether devguard fits and what moving a first ISMS across would look like.