Frequently asked questions

Bruma is a Cyber Readiness & Compliance Platform designed to help professional-services firms document, manage, and demonstrate their cybersecurity governance.

The platform supports WISP creation, vendor oversight, evidence collection, and audit-ready documentation aligned with regulatory expectations.

Bruma centralizes and simplifies core cyber-governance tasks, including:

• Creating and updating Written Information Security Programs (WISPs)

• Tracking vendor due diligence (SOC reports, ISO certifications, DDQs)

• Collecting and storing evidence of cybersecurity controls

• Generating audit-ready documentation

• Monitoring organizational cyber readiness

No. Bruma is not a workflow platform or operations system. It sits alongside your existing tools to strengthen cybersecurity governance, compliance documentation, and audit preparedness.

No.

Bruma is built for non-technical users, with guided workflows and plain-language prompts.

IT or cybersecurity teams can contribute where needed, but compliance and operations teams can run the platform independently.

Yes. Bruma generates audit-ready documentation and maintains a centralized evidence repository, making it easier to respond to auditor or regulatory inquiries.

Yes. Bruma follows industry security practices, including:

• Data encryption in transit and at rest

• Role-based access controls

• Audit logging

• Secure document storage

A full security overview is available upon request.

Yes.

Organizations can invite internal team members and external partners with customizable, role-based permissions.