Platform Features

Every GRC function.
One connected platform.

From policy to risk to evidence to remediation — ClearGRC connects every GRC function your organisation depends on, with AI that explains every recommendation and keeps your team in control.

Governance

Build policies people actually follow.

Establish accountability and organizational governance with full policy lifecycle, tokenized attestation, and structured exception management — no platform login required for recipients.

9 features in this module
Policy Management
Full lifecycle: draft, review, approve, publish, retire — with version control.
Tokenized Attestation
Recipients acknowledge policies via signed email links — no login needed.
Standards & Procedures Library
Centralized library of standards, procedures, and process documentation.
Exception Management
Track, approve, and time-bound exceptions with clear ownership.
Approval Workflows
Configurable multi-stage approval with optional unanimous review.
Organizational Hierarchy
Business units, departments, and roles with responsibility assignment.

Enterprise Risk Management

Identify and prioritize risk before it becomes a finding.

One register for enterprise, operational, cyber, vendor, and project risk — scored on your matrix, mapped to controls and assets, and continuously monitored.

14 features in this module
Enterprise Risk Register
Cyber, operational, IT, business, and project risk in one connected register.
Configurable Scoring Matrix
Define your own Impact × Likelihood scales — exposure calculated automatically.
Inherent & Residual Risk
Track risk before and after control effectiveness — see the real exposure.
Risk Heat Maps & Dashboards
Visual heat maps your board can read — drillable to the underlying risks.
Treatment Plans
Accept, Avoid, Mitigate, or Transfer — with justification and ownership.
KRIs & Continuous Monitoring
Track Key Risk Indicators and trigger reviews when thresholds breach.

Compliance Management

Stay continuously audit-ready — not just at audit time.

Map controls, run assessments, and collect evidence across 35+ frameworks, regulations, and standards. Continuous scoring shows where you stand, today.

10 features in this module
Regulatory Library
35+ frameworks, regulations, and standards — maintained for you.
5 Assessment Types
Readiness, Self, Entitlement, Gap Analysis, and Third-Party assessments.
Multi-Framework Mapping
Map one control to many frameworks — assess once, comply many times.
Evidence Repository
Versioned evidence linked to the controls it actually supports.
Compliance Calendar
Track obligations, deadlines, and recurring reviews in one place.
Compliance Status Dashboard
Weighted scoring shows real-time compliance posture across frameworks.

Controls Management

One control library. Mapped everywhere it applies.

Centralize internal control management — define once, map across frameworks, test continuously, and track effectiveness over time.

9 features in this module
Central Control Library
One source of truth — every control with ownership and lifecycle state.
Preventive & Detective
Classify by control type, automation level, and frequency.
Cross-Framework Mapping
Link one control to many requirements — test once, satisfy many.
Effectiveness Reviews
Scheduled control testing with results, evidence, and remediation linkage.
Control Relationships
See which risks, assets, and policies each control supports.
Control Certification
Periodic owner certification with full audit trail.

Audit Management

Plan, execute, and close audits with full traceability.

Annual audit programmes with planning, fieldwork, findings, and corrective actions — connected directly to the controls, risks, and policies they assess.

10 features in this module
Annual Audit Plan
Build, schedule, and track the full annual programme by audit type.
Audit Programs & Checklists
Standardized programmes with reusable checklists per audit type.
Working Papers & Evidence
Collect, version, and reference evidence per finding.
Findings & Recommendations
Document findings with severity, root cause, and recommended action.
Corrective Actions
Findings flow directly into the remediation tracker — no handoff loss.
Audit Reports
Board-ready PDF reports with full traceability back to source.

Issue & Remediation

Turn findings into closed actions — not backlog.

Issue tracking with root cause analysis, structured action plans, due date enforcement, and closure approval — so nothing slips between audit and remediation.

9 features in this module
Issue Tracking
Every finding becomes a tracked issue with full ownership and status.
Root Cause Analysis
Document causes so fixes address the source, not the symptom.
Action Plans & Tasks
Break remediation into discrete tasks, assigned and tracked.
Escalation Rules
Auto-escalate overdue items by severity and ownership level.
Closure Approval
Issues only close when the right person signs off — with evidence.
Remediation Dashboards
See aging, severity breakdown, and time-to-close at a glance.

Third-Party Risk

Know the risk vendors bring — before they become business risk.

Vendor onboarding, due diligence, automated scoring, and recurring assessments — with a dedicated vendor portal so third parties respond without ever logging into your platform.

9 features in this module
Vendor Register & Tiering
Onboard vendors with tier classification by criticality and data access.
Due Diligence & Assessments
Structured security questionnaires sent to vendor contacts directly.
Automated Scoring
AtRisk [0-50] · Moderate [50-70] · OnTrack [70-100] — configurable bands.
Contract Lifecycle
Track scope, regulations, dates, and renewal alerts per vendor.
Recurring Reviews
Annual, semi-annual, quarterly, or monthly reassessment cadence.
Dedicated Vendor Portal
Third parties respond via their own portal — no platform license needed.

AI Across the Platform

AI that helps people decide — not a replacement.

AI runs horizontally across every module, helping your team work faster and smarter while keeping humans in control of every decision.

AI Search

Find risks, controls, policies, audits, and evidence in plain English — across your entire GRC programme.

AI Summaries

Long policies, audit reports, findings, and assessments distilled to what matters — in seconds.

AI Recommendations

Suggest related controls, policies, risks, and remediation actions — backed by the evidence behind them.

AI Insights

Identify trends, recurring issues, and emerging risks — before they become audit findings.

AI Reporting

Executive-ready summaries and board reports — generated from your live GRC data, not slides.

Explainable AI

Every AI recommendation is transparent and reviewable — your team accepts, modifies, or rejects with full context.

Every output is backed by evidence. Every conclusion is explainable. Every decision stays under human control.

Reporting & Dashboards

Visibility for everyone — from operator to board.

Real-time dashboards, KPI/KRI tracking, drill-down analytics, and board-ready exports. The right view for the right role.

Executive Dashboards

Risk posture, compliance score, and remediation health at a glance.

Operational Views

Per-module dashboards for assessors, reviewers, and approvers.

KPI & KRI Tracking

Define metrics, set thresholds, and trigger reviews when they breach.

Board-Ready Reports

QuestPDF-generated reports with full traceability. Excel and PDF exports throughout.

Enterprise Platform

Built for enterprise scale.

The plumbing your CISO, CIO, and IT team will ask about — security, configurability, and administration done right.

Security

  • Granular 8-flag RBAC per module
  • Azure AD B2C SSO
  • Multi-factor authentication
  • Dual-layer immutable audit trail
  • Data encryption in transit & at rest
  • Multi-tenant data isolation

Configuration

  • Custom fields per module
  • Configurable workflows & approvals
  • Custom forms & assessment templates
  • Business rules & automations
  • Configurable scoring matrices
  • Workflow & SLA configuration

Notifications

  • Email alerts & review reminders
  • SignalR real-time in-app notifications
  • Configurable reminder rules
  • Escalation chains by role
  • SLA tracking & breach alerts
  • Scheduled review cadences

Administration

  • User & role management
  • Organization hierarchy & departments
  • Asset, application, & service register
  • License management
  • Redis cache control
  • Integration management (Nessus, Azure OpenAI, n8n)

See ClearGRC in action.

Walk through the modules that matter most to your programme — from policy attestation to risk register to board report. We'll show you what live evidence intelligence looks like.