
A new compliance management platform – shaped by teams from across our group, for the kind of regulated, audit-heavy environments Bold Communications has worked in for decades – brings quality, information security and trust together on one process map and one audit trail.
16/07/2026 · By Bold Communications
Anyone who has prepped for an ISO audit on a shared drive knows the routine: registers, risk logs, the Statement of Applicability and audit schedules scattered across spreadsheets, versions diverging, evidence chased for weeks. Hold more than one certification and it doubles, because ISO 9001 and 27001 share evidence a spreadsheet can’t connect.
A new platform launching this month sets out to retire that routine. Obligara is a compliance management platform that unifies ISO 9001, ISO 27001 and SOC 2 in a single workspace, with a genuine cross-walk between frameworks, embedded AI, and a shared audit trail.
For us at Bold Communications, it is a launch worth marking – because Obligara was shaped by people who have worked in the same regulated, mission-critical environments we serve.
At the centre of Obligara is a genuine ISO 27001 → SOC 2 cross-walk. All 93 ISO 27001 Annex A controls are instantiated per workspace and mapped to 71 SOC 2 Trust Services Criteria through 71 cross-walk mappings. The practical effect: an organisation that already holds ISO 27001 can move toward SOC 2 readiness without rebuilding its evidence base from scratch – or, where it prefers, start from a 40-control SOC 2 pack.
There is a point of direct relevance for the alarm-monitoring world, too: alongside the core frameworks, Obligara supports an NSI Monitoring (ARC) scheme – the kind of standard the Alarm Receiving Centres many of our own customers operate are measured against.
Obligara was developed by compliance and information security specialists from across the Manos Software Group, one of Valsoft Corporation’s decentralized operating entities – including Bold Communications, GeminiSense, and Innovative Business Software. Between them, these teams have spent years running ISO 9001 and ISO 27001 programmes in environments where compliance is an operating requirement rather than an annual exercise: alarm monitoring for control rooms, security operations across the Nordics, mission-critical software for government, banking and healthcare. They maintained the evidence, faced the auditors and were accountable for the gaps – and built Obligara to fix what the available tools were missing.
“For the businesses we work with, compliance is not a growth initiative – it is an operating condition, and a failed audit or a lapsed certification can put contracts, insurance terms and customer trust at risk,” said Marc Cooke, Portfolio Manager at Valsoft Corporation and Managing Director at Bold Communications. “Across a dozen of our businesses I have watched teams carry multiple frameworks across multiple jurisdictions on spreadsheets and willpower. Obligara gives leaders a live view of where they stand across every framework, so compliance becomes something they manage with confidence rather than discover under pressure.”
Embedded AI with human sign-off
Obligara’s AI works inside the customer’s row-level-security boundary using read-only, schema-bound tools. It verdicts each control as ready, partial or gap with the cited evidence behind every call, drafts CAPA root-causes and review inputs, and proposes ISO 27001 → SOC 2 mappings – but it never saves a record on its own. Every assist fills a form for a person to review and sign, and the audit log only ever records a human signature, never the model’s output.
“The tools we used over the years could store documents, but they couldn’t connect the evidence,” said Nathan Meldrum, technical architect of Obligara, who spent eight years building monitoring software at Bold Communications and GeminiSense. “We built Obligara around shared evidence, a single audit trail and AI that handles the tedious drafting while a human signs every record. The architecture reflects the specific shortcomings we hit running ISO 27001 in production.”
Deployment options
Obligara is available as managed SaaS with UK / EU data residency as standard, or self-hosted on-premises or in a customer’s own cloud for the most data-sensitive environments, with SSO / SAML across both.
Obligara is available now. To see the cross-walk, the embedded AI and the shared audit trail running against a real workspace, visit Obligara.com.
About Obligara
Obligara is a compliance management platform that unifies ISO 9001, ISO 27001 and SOC 2 in one workspace, with a genuine cross-walk between frameworks, embedded AI, and a shared audit trail. Obligara is a Valsoft Corporation product. For more information, visit obligara.com.
About Bold Communications
Bold Communications is a UK-based developer of mission-critical alarm monitoring and security communications software, with more than 30 years’ experience serving Alarm Receiving Centres, corporate and industrial monitoring operations, and the public sector. Its GeminiSense platform and related products keep control rooms running across security, government, utilities and healthcare. Bold Communications is part of the Valsoft Corporation group. For more information, visit boldcommunications.co.uk.
About Valsoft Corporation
Valsoft acquires and develops vertical market software businesses that provide mission-critical solutions in their respective niches. Valsoft’s strategy is to invest for the long term, enabling businesses to benefit from global expertise, shared best practices, and a decentralized structure that allows them to retain their entrepreneurial spirit while achieving sustainable growth.
For more information, please visit: www.valsoftcorp.com
Media Contact
For Media and Marketing enquiries, please contact [email protected]