Built by GRC veterans. Not advisors.

The people behind Acuna ran audits, built compliance programs, and advised regulators for years before a line of code was written. The platform works the way experienced GRC teams actually work, not the way software vendors imagine they do.

Alexis Hirschhorn· CEO of Acuna· ISO 42001 Lead Auditor · CAIP CertifiedUpdated June 2026

Why Acuna?

Acuna is a GRC platform built and operated by the Abilene Group, an established Swiss GRC group, and led by practitioners who run audits and compliance programs. It maps requirements once across 50+ frameworks, ties every control to a named owner and to evidence, and is priced per organization rather than per seat, with data hosted in Switzerland and the EU.

35+
Years of experience in GRC
50+
Compliance frameworks pre-loaded
11
Years operating as a Swiss GRC group
0
Per-seat fees. One organization price.

Most tools hand you a checklist. Acuna gives you back control of your program.

Acuna was built by practitioners who ran audits and multi-framework programs for multinationals and regulators. That experience shows up in every screen. Requirements map once and reuse across frameworks. Controls have owners, evidence, and a cadence. Audit readiness is a state you maintain, not a scramble before the auditor lands.

Most toolsAcuna
Checklist of tasks
Controls with owners and cadence
Evidence = file upload
Evidence lifecycle, versioned
Per-seat pricing
Per-organization, one price
Siloed frameworks
One requirement, reused across all
Audit prep = a scramble
Audit readiness = a live state

Most GRC software was built by engineers who never ran a real program.

Most platforms were built by people who never sat through an ISO surveillance audit or stood up a multi-framework program from scratch. So they map requirements onto spreadsheets, charge by the seat, and hand you a database instead of a program.

Practitioners know the difference. An evidence lifecycle is not a file upload. A control is not a checkbox. Audit readiness is not a dashboard. It is an operational cadence that runs across frameworks, teams, and time.

An evidence lifecycle is not a file upload. A control is not a checkbox. Audit readiness is not a dashboard. It is an operational cadence.

Alexis Hirschhorn

CEO of Acuna · ISO 42001 Lead Auditor · CAIP

Every requirement traces to evidence.

Acuna models how a mature program actually runs. Requirements are mapped once and reused. Controls are owned by named people, with evidence links, maturity scores, and recurring tasks. Audit readiness is a live view, not a weekend project.

Every framework requirement traces to a measure, a control, a recurring task, and the evidence that proves it.

Per-seat pricing penalizes the right behavior.

When adding a control owner or an auditor costs money, teams leave out the people who should be involved. Acuna is priced per organization, because a compliance program is not a privilege for a few logins. It is a company-wide responsibility.

Per seat

Every owner, reviewer, and auditor you add is another line on the invoice, so you keep the program small.

Per organization

Bring in every owner, reviewer, and auditor. One price covers the whole company.

35+Years of experience in GRC
50+Compliance frameworks pre-loaded
11Years operating as a Swiss GRC group
0Per-seat fees. One organization price.
ISO 27001:2022 certifiedSOC 2 compliantISO 42001 Lead Auditor on teamPECB credentialedSwiss and EU data residency

The people who built it run programs for a living.

Acuna is led by practitioners, not a sales organization. Between them they hold decades in audit, privacy, cybersecurity, and AI governance, and they still operate programs today.

Henri Haenni
Chair, Acuna

Henri Haenni

CEO of Abilene Group

Business continuity and information security expert. Certified international trainer and lecturer at Sorbonne University Paris 1. Founded the Abilene Group in 2015.

Business continuityRisk managementInformation security governanceSorbonne University lecturer
LinkedIn
Alexis Hirschhorn
CEO, Acuna

Alexis Hirschhorn

ISO 42001 Lead Auditor · CAIP

Cyber security and governance consultant with 20+ years advising multinationals, governments, and international organizations.

Cyber and information securityCloud securityRisk and governance consultingCertified Lead Auditor
LinkedIn
Laura Menetrey
Legal and Compliance Expert

Laura Menetrey

Strategic legal advisor in data protection and privacy law, helping organizations navigate GDPR, NIS2, DORA, and Swiss nDSG.

Data protection lawGDPR, NIS2, DORA, nDSGPrivacy and regulatory advisoryData mapping
Jean Munyarugerero
Auditing Expert

Jean Munyarugerero

Hands-on IS and business continuity trainer and auditor with experience spanning finance, cloud, public sector, and NGOs.

IS and business continuityManagement systems auditorFinance, cloud, public sector
Jean-Emmanuel Rodriguez
Cybersecurity Governance Expert

Jean-Emmanuel Rodriguez

Supports clients through vendor risk, compliance technology integration, and gap analysis from policy development to go-live.

AI governanceInformation security governanceGap analysisGRC
Bénédicte Sévin
GRC Consulting Team Leader

Bénédicte Sévin

ISO 27001 Lead Implementer

Leads end-to-end project supervision across implementations, audits, and compliance programs for global organizations.

GRC project leadershipISO 27001 Lead Implementer15+ years international experienceI.S.I.T. Paris certified

Acuna is not a startup. It is built by an established Swiss GRC group.

Acuna is built and operated by the Abilene Group, a Swiss GRC group founded in Morges in 2015. Alongside Acuna, the group runs a consulting practice, an auditor-training academy, and a cybersecurity arm. The team holds ISO 27001:2022 certification and runs its own compliance program on Acuna. That is not a marketing line. It is how the product is quality-checked.

ISO 27001:2022 certifiedSOC 2 compliantISO 42001 Lead Auditor on teamPECB credentialedSwiss and EU data residency

What makes Acuna different.

D01

Built by practitioners

Decades in GRC, audit, and advisory work before a line of code was written.

D02

One organization price

Never per seat. Every owner, reviewer, and auditor, one invoice.

D03

Traceable compliance chain

Requirement to measure to control to task to evidence, end to end.

D04

50+ frameworks

ISO 27001, SOC 2, NIS2, DORA, GDPR, and more, pre-loaded at launch.

D05

Swiss infrastructure

ISO 27001:2022 certified, SOC 2 compliant, data hosted in Switzerland and the EU.

D06

Aiko

An AI agent built for GRC operators, not for demo slides.