Vision/Traction Organizer (V/TO)

Vision/Traction Organizer (V/TO)

The V/TO is the single source of truth for where Unicis is going and how we will get there. Every team member should read and understand this document. It is reviewed and updated at every Annual Planning session and checked at every Quarterly session.

← Back to Leadership

Core Values

Core Values are not aspirational — they describe how Unicis already operates at its best. We hire, review, reward, and part ways with people based on these values.

Value	What it means in practice
Openness by default	We build in the open. Our code, our handbook, and our reasoning are public. We default to transparency internally and externally, including sharing our mistakes.
Trust through compliance	We practice what we preach. Unicis holds itself to the same compliance and security standards we help our customers achieve.
Small team, big ownership	Every Unician owns their domain completely. We don't wait for permission. We flag problems early, propose solutions, and follow through.
EU-first mindset	We build for the European regulatory context — GDPR, NIS2, DORA, CRA — and for the SMEs navigating it. Our infrastructure, our values, and our partnerships reflect this.
Honest over comfortable	We give and receive direct feedback. We name problems clearly. We do not let politeness get in the way of progress.

💡 Using Core Values: When hiring, ask behavioural questions that surface each value. In performance reviews, assess each value explicitly. When something feels wrong culturally, trace it back to a Core Values violation.

Core Focus

Purpose (Why we exist)

To make compliance effortless, efficient, and transparent for every European SME — so that security, privacy, and risk teams can focus on real work instead of spreadsheet management.

Niche (What we do and for whom)

Open-source GRC platform for EU SMEs navigating NIS2, GDPR, ISO 27001, DORA, and CRA.

10-Year Target

“By 2035, Unicis is the default open-source GRC platform for EU SMEs — with 10,000+ active organisations on the platform, a self-sustaining open-source community, and recognised status as a trusted EU digital infrastructure provider.”

This target is ambitious but achievable. It requires consistent execution on product, community, and partnerships — not a step-change pivot.

3-Year Picture

What does Unicis look like on 1 January 2028?

Revenue: €1M+ ARR from subscriptions and partner program
Customers: 500+ active paid organisations on the platform
Product: Full coverage of NIS2, GDPR, ISO 27001, DORA, and CRA in a single unified workflow; incident management module live; AI-assisted compliance recommendations in GA
Team: 8–12 full-time Unicians across product, engineering, and GTM
Community: 1,000+ GitHub stars; active contributor community; Weblate translations in 5+ EU languages
Infrastructure: billing.unicis.tech live with full self-serve subscription management; Better Auth migration complete
EU Projects: OSCRAT, VIC, CyberSec4OT, and SAFE SPORT completed; 1–2 new Horizon/NGI grants secured
Partnerships: 20+ active reseller/integration partners in the EU partner program

1-Year Plan

What must be true by 31 December 2026 for us to be on track for the 3-Year Picture?

Revenue Goal

€150,000 ARR

Measurables

50 paying organisations on the platform
Partner program launched with 5 active partners
billing.unicis.tech live and processing recurring subscriptions

Company Priorities (Annual Rocks)

Ship Better Auth migration — complete auth layer migration from NextAuth v4/BoxyHQ to Better Auth; self-hosted audit log in production
Launch billing.unicis.tech — unified subscription and licence management service live; Dolibarr integration for recurring invoicing
Incident Management module GA — port OSCRAT incident module to Unicis Platform; release as GA feature
NIS2/DORA/CRA compliance checklists — structured checklist flows for all three frameworks live in the platform
Partner program launched — programme structure, onboarding, and first 5 partners signed
EOS implemented at 60%+ — V/TO adopted, Accountability Chart live, weekly L10s running, Scorecard in use

Marketing Strategy

Target Market (Ideal Customer)

Dimension	Definition
Company size	10–250 employees
Geography	EU — priority markets: DACH, Nordics, Benelux, Baltics
Sector	Technology, fintech, healthtech, SaaS
Trigger	NIS2 compliance deadline pressure; ISO 27001 certification in progress; GDPR audit preparation
Buyer	CTO, CISO, DPO, or Compliance Lead at an SME without a dedicated GRC tool
Pain	Managing compliance in spreadsheets; multiple disconnected tools; no audit trail; cost of enterprise GRC tools

3 Uniques (Why Unicis, not a competitor)

Open-source and auditable — the only EU-focused GRC platform where the full codebase is public, self-hostable, and community-audited
EU regulatory depth — native support for NIS2, GDPR, ISO 27001, DORA, and CRA in a single platform, built by a team operating under EU law
SME-priced, enterprise-capable — open-core pricing that starts free and scales; no per-auditor or per-framework fees

Proven Process (How we deliver value)

“The Unicis Compliance Journey”

1. Deploy — self-hosted or SaaS in under 30 minutes
2. Map — import existing controls and assets; auto-map to relevant frameworks
3. Assign — assign tasks, owners, and deadlines via the CSC workflow
4. Evidence — collect and store compliance evidence in-platform
5. Report — generate SoA, audit reports, and dashboards
6. Maintain — recurring tasks, notifications, and API integrations keep compliance live

Review Schedule

Cadence	Activity
Weekly	Rocks and Scorecard reviewed in Level 10 meeting
Quarterly	Full V/TO review; update 1-Year Plan; set new Rocks
Annually	Full V/TO rewrite; update 3-Year Picture; set Annual Rocks

→ See the Scorecard | → See Rocks & Traction | → See Accountability Chart

Last reviewed: Q2 2026 — next review: Q3 2026 Quarterly Session

vision, vto, eos

Table of Contents