Obrenix
A self-hosted Compliance, Risk & Governance platform. Automated controls, continuous monitoring and AI-driven audits — running as a single set of Docker containers on your Linux host. Your data never leaves your network.
One console for the whole compliance lifecycle
From the controls register to auditor evidence packs — Obrenix turns your live signals into continuous, demonstrable compliance, without a crowd of analysts.
Controls register
ISO 27001:2022, DORA, SOC 2, NIST CSF 2.0 / 800-53, NIS2, GDPR, OWASP ASVS, CIS — plus custom packs. Per-control status, owner, evidence and cross-framework mapping.
Continuous monitoring
Automated checks pull a live signal from a connected source and evaluate it against a threshold — on a schedule, with alerts. A passing check can auto-mark its mapped controls.
Risk management
A risk register with likelihood × severity scoring, treatment, residual risk and a heatmap — with every risk linked to the controls that cover it.
Policy governance
Upload policies with nested procedures, read them in a Word-like view, export to PDF/Word — and approve a policy to auto-close the controls it satisfies.
AI analysis — on-prem
Built-in AI (local by default) summarises posture, proposes control mappings and routes ingested data. No data egress unless you opt into a cloud provider.
Evidence & auditor packs
Attach files, links, Jira tickets or approved policies to any control. One-click auditor evidence pack (ZIP) per framework, with an immutable change history.
Read-only by default. Nothing leaves the host.
Standard integrations only read from their source — they never modify your systems.
- Connect data sources: Obrenix pulls from an integration's API (read-only), or you push data in via the Ingest API.
- Normalise & store: Signals land in PostgreSQL and render as controls coverage, dashboards and reports.
- Monitor continuously: Scheduled checks re-evaluate live signals and keep control status and evidence current.
- Demonstrate compliance: Auditors get read-ready evidence packs and an immutable change history — on demand.
Map once, satisfy many
Built-in framework packs with AI cross-mapping — close a control in one framework and see where it lands in the others. Bring your own custom control packs too.
Built to stay inside your perimeter
Only the web tier publishes a port. The API, database and AI engine stay on the internal Docker network and never face the internet.
- HTTPS-only UI — API, database and AI never leave the internal Docker network.
- Secrets encrypted at rest — passwords and the first admin are stored only as hashes.
- Mandatory 2FA — encrypted TOTP enrolment on every account by default.
- Self-hosted AI — no analysis egress unless you opt into a cloud provider, with a local Ollama fallback.
- Multi-company scoping — Compliance, Security 360 and Policy data isolated per legal entity.
- Audit-ready — immutable change history, control evidence and one-click evidence packs.
Pulls from the tools you already run
Most integrations are read-only — Obrenix makes an outbound connection and pulls. A few push notifications or forward events to your SIEM. No dedicated tile? Build a custom HTTP source or push via the Ingest API.
Self-host compliance you can actually demonstrate
Talk to the Hexarion team about an Obrenix rollout, an air-gapped install, or a tailored compliance scope — or dive straight into the documentation.