EU compliance tools,
handcrafted for your business

NIS2 (Network and Information Systems Directive 2) is an EU cybersecurity regulation that came into effect in October 2024. It applies to essential and important entities across sectors including IT, finance, healthcare, energy, and digital infrastructure. Companies with 50+ employees or €10M+ annual turnover in these sectors are generally covered. NIS2 requires organizations to implement cybersecurity risk management measures, including access control policies and threat intelligence monitoring — exactly what ShieldShed helps you achieve.

ISO 27001 Annex A.5.7 requires organizations to collect and analyze threat intelligence relevant to their information security. Monitoring for lookalike domains and brand impersonation attempts directly addresses this control. DomainShield provides automated daily scans with audit-ready PDF reports that map findings to ISO 27001, NIS2 Article 21, and DORA Article 9 — giving your auditor exactly the evidence they need.

Access reviews are periodic evaluations of who has access to what in your organization's Microsoft 365 environment. ISO 27001 A.5.18 and NIS2 Art.21(2)(i) require documented, periodic review of access rights. Without a tool, most companies rely on manual Excel exports — which lack historical audit trails. AccessShield automates this process by taking daily snapshots of all Entra ID groups, tracking changes, and enabling group owners to review and approve memberships through a simple email-based workflow.

Microsoft Entra ID P2 costs approximately €8.40 per user per month and includes access reviews as part of a broader identity suite (PIM, Identity Protection, etc.). For a 200-user company, that's €1,680/month. AccessShield focuses specifically on the group audit trail and access review functionality at €3/user/month (€600/month for 200 users) — an 80% cost saving. DomainShield addresses a completely different need (external threat monitoring) that Entra doesn't cover at all.

All ShieldShed data is stored exclusively in the European Union, in Microsoft Azure's West Europe region (Netherlands). No data is transferred outside the EU. We are GDPR-compliant by design, and our infrastructure meets the data residency requirements of NIS2, DORA, and ISO 27001.

Yes. We offer a 30-day free trial for all shields. During the trial you get full access to all features, including compliance reports. You can cancel anytime from your account dashboard at no cost. If you don't cancel before the trial ends, your subscription will automatically convert to a paid plan.

Absolutely. ShieldShed is built specifically for organizations preparing for or maintaining ISO 27001 certification. DomainShield covers A.5.7 (Threat intelligence) and AccessShield covers A.5.18 (Access rights) and A.8.2 (Privileged access rights). Both products generate one-click PDF reports that map directly to these controls — ready to hand to your auditor.

DORA (Digital Operational Resilience Act) is an EU regulation for the financial sector that took effect in January 2025. Article 9 requires ICT risk management measures including access control and threat monitoring. DomainShield addresses Article 9's threat intelligence requirements, while AccessShield addresses the access management and audit trail requirements. Both generate reports with explicit DORA control mapping.