Compliance

The auditor arrives Tuesday. Where's your evidence?

NIS2, ISO 27001, DORA - every framework requires proof that your employees are trained against phishing. nophi.sh generates that proof as you run campaigns.

Why now

NIS2 has been in effect since 2025. Training evidence is now mandatory.

01

NIS2: 15,000 entities, real fines

France goes from 500 regulated entities to over 15,000 under NIS2. Fines up to €10M or 2% of global revenue for essential entities. Article 21 requires documented employee cybersecurity training.

Source: ANSSI - Directive 2022/2555, Art. 34

02

No proof, no payout

Only 3% of French SMBs have cyber insurance. Insurers systematically check whether employees were trained before paying claims. Without documented training evidence, coverage can be denied even with an active policy.

Source: AMRAE, LUCY Report 2025

03

A failed audit costs more than compliance

ISO 27001 certification costs €8,000 to €35,000 for a European SMB, audit and consulting included. Annex A.7 requires dated awareness evidence. Not a last-minute PDF: auditors want logs covering 6 to 12 months.

Source: DigiTrust, 2026

Supported frameworks

NIS2

15,000 French companies must prove they train their employees

Article 21 requires mandatory training and regular testing, with reporting to authorities. nophi.sh compiles evidence as you run campaigns: results by department, simulation results, training certificates.

ISO 27001

Annex A.7 - timestamped training certificates and continuous awareness evidence.

DORA

Digital operational resilience - documented phishing tests for the financial sector.

SOC2

Security awareness controls and regular testing evidence for SaaS providers.

What nophi.sh generates

The documents your auditors expect

No manual formatting. nophi.sh compiles evidence as you run campaigns.

Audit-ready PDF reports

Compliance rate, training rates, simulation history. One-click export.

Timestamped training certificates

Every trained employee gets a certificate with date, duration and score.

Campaign log

Dates, results, click rates, corrective actions. Everything tracked.

Per-framework checklist

Track your NIS2, ISO 27001 or DORA progress point by point.

Compliance report - March 2026
Compliant
Overall score: 92%
NIS2 · ISO 27001 · DORA
Employee training: 96%
Phishing tests: 88%
Documentation: 92%

Your next audit, stress-free

Launch your first campaigns. Evidence compiles as results come in.

Hosted in France
GDPR compliant
French-speaking support