Replace Tool Sprawl with One Platform

Risk • Compliance • Audit • Vendor Risk • Business Continuity • AI Governance • ESG & Sustainability

Months to Minutes

AI generates ISO documents, risk reports, and audit findings in real-time. What took weeks of consultant time now streams to your screen in minutes.

Evidence-Based Assurance

Replace subjective RAG ratings with a composite 0-100% assurance score built from 8 measurable components. Know exactly where your gaps are.

Everything Connected

Risks link to controls, threats, treatments, and vendors. Incidents raise NCRs. Audits generate findings. One change updates everywhere.

90%

Faster Report Generation

26

Standards & Frameworks

764+

Mapped Controls

1

Platform, Not Five

0

Data Silos

EU AI Act

Provision 29

ISO 42001

ISO 27001

ISO 27701

ISO 22301

AI-Powered

Multi-Tenant

ESG & CSRD

26 Completion Guides

Risk Management

Full lifecycle from identification through treatment. 9-tab risk detail, heatmaps, and automated escalation workflows across your entire organisation.

Assurance Scoring

Replace subjective RAG ratings with an objective 0–100% score built from 8 measurable components. Know exactly where your gaps are.

AI-Powered Reports

Generate ISO documents, Provision 29 board reports, and risk assessments with AI. Stream to screen in minutes — export as polished DOCX.

Compliance Automation

764+ pre-mapped controls across 26 standards. Link controls to risks, evidence, and audits. Track effectiveness with real-time dashboards.

Board Reporting

Principal risks grouped by 12 categories with Three Lines of Defence. AI-generated Provision 29 reports ready for board submission.

AI Governance

Complete AI portfolio management with use-case registry, model inventory, maturity assessments, and full EU AI Act classification wizard.

Vendor Risk

Assess and monitor third-party risk with structured questionnaires, SLA tracking, and automated risk scoring tied to your control framework.

Business Continuity

ISO 22301 aligned BCP with business impact analysis, critical asset mapping, recovery plans, and activation management workflows.

Audit Management

Plan, schedule, and execute audits with finding tracking, corrective actions, and non-conformance workflows. Full audit trail on every change.

ESG & Sustainability

8-module ESG suite: carbon accounting (Scope 1/2/3), 7 frameworks (GRI, CSRD, TCFD, CDP, ISSB, SASB, SDGs), materiality, AI report generation.

Disclaimer: Features, functionality, and specifications described in this presentation are subject to change without notice. This material is provided for informational purposes only and does not constitute a contractual commitment. GRCxAI reserves the right to modify, enhance, or discontinue any feature at any time. Actual capabilities may vary depending on subscription tier, configuration, and deployment. No guarantee is made regarding the availability, performance, or suitability of any feature for a specific use case.

Platform Overview

One Platform. Complete GRC.

GRCxAI consolidates governance, risk, compliance, vendor management, business continuity, AI governance, and ESG & sustainability into a single AI-powered platform — eliminating tool sprawl and data silos.

47+

Modules

422+

API Endpoints

208+

DB Tables

26

Standards

8+

AI Integrations

26

Completion Guides

Risk Management — 9 modules

Risk Register with 9-tab detail • 5x5 heatmaps • AI risk analysis • Risk assessments with templates • Treatments with budget tracking • Principal risks with board oversight • Top 10 ranking • 3 dashboard types • AI report streaming

Compliance & Audit — 5 modules

ISO-aligned controls with evidence • Objectives with KPI tracking • 8 audit types with guided wizard • AI finding generation • Incidents with RCA (6 methods) • Corrective actions • Non-conformances with ISO clause tracking

AI Governance — 6 modules

AI Portfolio dashboard • Use case triage (Fund/Fix/Freeze) • Model registry with drift detection • ISO 42001 maturity (5-level) • ICO risk toolkit (32 items) • EU AI Act: 6-step wizard, 84 obligations, 37 Annex III categories

Vendor Management — 2 modules

Vendor register with contacts, contracts, documents • Inherent vs residual risk scoring • SLA and auto-renewal tracking • 5 assessment types with 3 scoring methods • Vendor self-assessment support • Supply chain risk linking

Business Continuity — ISO 22301, 8 sub-modules

Business functions with BIA (RTO/RPO/MTPD) • 13 threat scenarios • Recovery strategies • BC plans • Exercises • Crisis teams • Communication plans • Live activations with actual vs planned comparison • BC Readiness Score

ESG & Sustainability — 8 modules

ESG Dashboard with E/S/G scoring • Carbon accounting (Scope 1/2/3) with emission factors • 7 ESG frameworks (GRI, CSRD, TCFD, CDP, ISSB, SASB, SDGs) • Double materiality matrix • Goals & targets with trajectory • Supply chain ESG • AI-generated ESG reports (7 templates)

ISO Documents & Training — AI-powered

AI document generation across 26 standards/frameworks • 50+ templates per standard • 764+ controls • Real-time SSE streaming with auto-save • DOCX export with branding • 26 completion guides • 19 interactive training courses (200+ modules) • Auto-generated certificates

Core Platform — 4 modules

Dashboard with 28 module cards • Calendar with 10 event types, saved filters, multi-day events • Unified task aggregation from all modules • Document library with versioning, preview (PDF/Word), classification (4 levels), folder hierarchy

Administration & Support — 6 modules

User management with RBAC • Company hierarchy (parent-subsidiary) • 6-type dept permissions • SAML SSO (Okta, Azure AD, Google, OneLogin) • TOTP 2FA • Audit log (30+ tables, field-level diffs) • AI chatbot (20+ standards) • Super Admin

Framework Coverage

26 Standards & Frameworks — 764+ Controls

The most comprehensive multi-standard coverage available. Every standard includes controls, AI document generation, a completion guide, and a dedicated training course.

10

ISO Standards

7

ESG Frameworks

9

Regulatory / Cert

764+

Total Controls

26

Completion Guides

ISO 27001:2022 — 116 controls

Information Security Management

ISO 42001:2023 — 10 controls

AI Management System

ISO 27017:2015 — 7 controls

Cloud Security Controls

ISO 27018:2019 — 15 controls

Cloud Privacy & PII Protection

ISO 27701:2019 — 13 controls

Privacy Information Management

ISO 31000:2018 — 28 controls

Risk Management Guidelines

ISO 37001:2016 — 43 controls

Anti-Bribery Management

ISO 37301:2021 — 54 controls

Compliance Management Systems

ISO 22301:2019 — 46 controls

Business Continuity Management

ISO 45001:2018 — 38 controls

Occupational Health & Safety

GDPR (2016) — 69 controls

EU Data Protection Regulation

SOC 2 Type II — 61 controls

Service Organisation Controls

PCI DSS v4.0.1 — 12 controls

Payment Card Industry Security

NIST CSF 2.0 — 95 controls

NIST Cybersecurity Framework

Cyber Essentials — 10 controls

UK NCSC Certification (v3.3)

Cyber Essentials Plus — 4 controls

UK NCSC Enhanced Certification (v3.1)

IASME Cyber Assurance — 10 controls

UK SME Cyber Security Standard

IASME DCC (2023) — 43 controls

UK MOD Defence Cyber Certification

IASME MSP (2024) — in development

Managed Service Provider Certification

Plus: EU AI Act

84 obligations • 6-step wizard • conformity assessment

NEW

7 ESG & Sustainability Frameworks — 90 Controls

GRI

26 controls

CSRD/ESRS

14 controls

TCFD

10 controls

CDP

12 controls

ISSB/IFRS

8 controls

SASB

10 controls

UN SDGs

10 controls

Risk Architecture

How Risk Intelligence Flows Through the Platform

Every risk is enriched by linked data from across the platform. Controls, treatments, threats, vulnerabilities, and evidence all feed into a composite assurance score — which rolls up to board-level reporting.

Provision 29 Annual Report

AI-streamed • Risk Type → Company → Category grouping • DOCX export with branding

Principal Risks

Weighted aggregation • 12 categories • Board oversight • Annual report

12

Risk Register & Principal Risks

From individual risk tracking with 9-tab detail views and heatmap scoring, through to board-level principal risk aggregation with weighted categories and oversight tracking.

Risk Register

Full risk inventory with inherent/residual scoring, risk owners, status tracking, and colour-coded severity.

9-Tab Risk Detail

Comprehensive view: details, controls, treatments, threats, vulnerabilities, evidence, assessments, and AI analysis.

Principal Risks

Board-level risks grouped by 12 categories with priority ordering and weighted assurance scores.

Principal Risk Detail

Linked risks, Three Lines of Defence oversight, board review tracking, and assurance score breakdown.

Assurance Scoring

8-Component Composite Assurance Score

Every risk gets a 0-100% assurance score calculated from 8 measurable inputs. This gives stakeholders a single, defensible number for how well each risk is understood and controlled — not just a red/amber/green guess.

Control Evidence

Evidence items attached vs required

Control Effectiveness

Effective / Partial / Ineffective ratio

Treatment Progress

Avg completion % across treatments

Vulnerability Posture

Remediated vs open, severity weighting

Threat Coverage

Threats identified & mitigated

Business Impact

BIA completion & impact assessment

ISO Compliance

Framework mapping completeness

Asset Classification

Critical asset identification status

Three Lines of Defence

1st Line — Operational Management

Day-to-day controls owned by business. Control count, effectiveness %, evidence status per risk.

2nd Line — Risk & Compliance

Oversight controls for compliance monitoring. Policy adherence, framework alignment, gap analysis.

3rd Line — Internal Audit

Independent assurance. Audit findings, recommendations, corrective action tracking.

Risk Assurance Tab — 8-component score breakdown

Click to enlarge — Risk Assurance tab showing all 8 components with scores, weights, and ratings

UK Corporate Governance Code

From Risk Register to Board-Ready Provision 29 Report

Principal Risks aggregate individual risks with weighted scoring, track board oversight, and generate AI-streamed annual reports meeting Provision 29 disclosure requirements.

Principal Risk Management

3 Risk Types

Principal Risk, Uncertainty, Emerging Risk — each with independent sections and priority ordering

Weighted Aggregation

Link risks with 0-100% weights. Auto-calculate inherent/residual scores. View effective/partial/ineffective control breakdown.

Board Governance

Board review tracking (last/next), overdue alerts, annual report inclusion flag, executive sponsor + co-owners

12-Category Grouping

Strategic, Financial, Operational, Regulatory, Compliance, Cyber, ESG, Geopolitical + 4 more. Priority reorder within each.

Provision 29 Annual Report

Report Hierarchy

H1

Risk Type (Principal Risk, Emerging Risk, Uncertainty)

H2

Company (Parent, Subsidiaries)

H4

Category (12 canonical categories)

H3

Individual Risk (scores, owners, controls, trend)

AI-Streamed

Real-time SSE generation

DOCX Export

Company-branded export

Board Ready

Oversight status included

Weighted Scores

Aggregated per risk

Outcome

Board-ready Provision 29 disclosures generated in minutes, not weeks. Fully traceable from individual control evidence to annual report narrative.

Compliance

Compliance & Audit Management

End-to-end compliance lifecycle from ISO-aligned controls through guided audits with AI finding generation, incident management with root cause analysis, and non-conformance tracking.

Controls

ISO catalogue + custom controls with 5 evidence types, affirmation workflow, and 0-100% effectiveness tracking.

ISO CatalogueEvidence ManagementAssurance Scoring

Objectives

Hierarchical objectives with KPI tracking (metric, target, current), progress visualisation, budget vs actual, and auto-status calculation.

KPI TrackingHierarchicalAuto Status

Audits

8 audit types, Guided Wizard with AI finding generation from Q&A, timeline tracking, and AI report streaming to DOCX.

AI Finding GenerationAI ReportsGuided Wizard

Incidents

7 types, RCA (Five Why, Fishbone, +4 methods), corrective actions with verification, NCR raising, anonymous reporting.

Root Cause AnalysisCorrective ActionsFinancial Impact

Non-Conformances

Major/Minor/Observation types, 6-step workflow (Open to Closed), ISO clause references, RCA integration, linked from incidents.

ISO Clause Ref6-Step WorkflowCSV Export

Outcome: From incident to root cause to corrective action to closed NCR — a complete audit trail your certifying body can follow end-to-end.

AI Governance

Complete AI Lifecycle Governance

From use case triage (Fund/Fix/Freeze) through model registry, ISO 42001 maturity assessment, ICO risk toolkit, to full EU AI Act classification and compliance.

AI Portfolio Dashboard

Aggregate view: use case counts, model risk distribution, maturity score, Fund/Fix/Freeze matrix

AI Use Cases

6 types, 5-factor triage scoring, portfolio decisions, EU AI Act + ISO 42001 flags, budget & ROI

AI Model Registry

7 model types, 4 sources, drift detection, vendor supply chain linking, cost tracking

AI Maturity Assessment

ISO 42001-aligned 5-level framework (Initial to Optimising), 5 domains, NIST AI RMF mapping, evidence guidance, priority improvements

AI Risk Toolkit

ICO AI & Data Protection Risk Toolkit: 32 items across 5 lifecycle stages, inherent vs residual scoring, control tracking, DPIA linking

EU AI Act Module

84 Obligations

37 Annex III Categories • 6-Step Wizard

Full deep-dive on next slide →

Outcome: Know exactly which AI systems need attention, their regulatory status, and what to do next — before your auditor asks.

EU AI Act

EU AI Act Compliance

The most comprehensive EU AI Act module available — 6-step classification wizard, 84 obligations, 37 Annex III high-risk categories, and full conformity assessment.

1

Introduction

2

Prohibited Practices

8 Article 5 checks

3

GPAI Check

Systemic risk

4

High-Risk

37 Annex III categories

5

Role

Provider / Deployer

6

Result

Obligations & deadlines

Obligation Tracker

84 obligations dynamically filtered by risk category, role, and GPAI status. Per-obligation evidence, review workflow, real-time compliance score.

84 ObligationsCompliance ScoreBatch Save

Conformity Assessment

Internal or third-party assessment with 10 required documents (Technical Docs, Risk Mgmt, Data Governance, Human Oversight, QMS, FRIA).

10 DocumentsCertificate TrackingNotified Body

Enforcement Deadlines

Feb 2025: Prohibited. Aug 2025: GPAI. Aug 2026: High-Risk. Aug 2027: Product Safety. Aug 2030: Public Authority.

5 Key DeadlinesPer-AssessmentState Persistence

Outcome: Classify each AI system in minutes with a guided wizard — then know exactly which obligations apply, track compliance %, and meet enforcement deadlines.

Vendor Management

Vendor Risk & Assessment

Full vendor lifecycle with contacts, contracts (SLA/auto-renewal), documents, and issues. Inherent vs residual risk scoring, criticality tiers, and supply chain linking.

Vendor Register

Risk scoring (1-25), criticality tiers, contract expiry monitoring

Vendor Assessments

5 types, 3 scoring methods, vendor self-assessment, evidence

Click to enlarge

Business Continuity

ISO 22301 BCP — 8 Sub-Modules

Business Functions (BIA)

RTO/RPO/MTPD tracking, dependency mapping

Scenarios & Strategies

13 threat types, hot/warm/cold standby, cost estimation

Crisis Teams & Exercises

Tabletop/simulation/full interruption with NCR integration

Live Activations

Real-time crisis tracking, actual vs planned RTO

Click to enlarge

ESG & Sustainability

Complete ESG Management — 8 Modules

From carbon accounting and double materiality assessments through 7 ESG framework compliance to AI-generated sustainability reports — everything organisations need for CSRD, GRI, TCFD, and beyond.

8

Sub-Modules

7

Frameworks

3

Emission Scopes

7

AI Report Templates

40+

ESG Metrics

ESG Dashboard

E/S/G pillar scores with trend sparklines, Scope 1/2/3 emissions totals, framework compliance progress, active goals tracker, and ESG incident feed

Carbon Accounting

Scope 1 (Direct), Scope 2 (Indirect-Energy), Scope 3 (Value Chain) tracking with emission factor picker, auto-calculation, and data quality tagging

Double Materiality Assessment

Impact-based & financial-based scoring with matrix visualisation, 4 materiality classifications, and GRI topic mapping

Goals & Targets

Net-zero, renewable energy, diversity targets with baseline→target trajectory modelling, milestone tracking, and SBTi commitment linking

7 ESG Frameworks

GRI CSRD/ESRS TCFD CDP ISSB/IFRS SASB UN SDGs

Enable per company • Completion % tracking • Document templates • Guided assessment • AI document generation

AI-Generated ESG Reports

7 report templates (CDP, CSRD, GRI, ISSB, SASB, TCFD, SDGs). AI-powered markdown generation with real-time streaming, DOCX export, version tracking

Supply Chain ESG

Vendor ESG assessments with E/S/G pillar scoring, risk tier classification (Low→Critical), and colour-coded score cards

ESG Metrics & KPIs

40+ metrics across E/S/G pillars, framework-aligned (GRI, SASB, TCFD), baseline→target tracking, 5 data quality levels, 5 verification types

Outcome: From carbon footprint measurement to CSRD-ready sustainability disclosures — AI-generated reports across 7 frameworks in a single module. No separate ESG tool needed.

AI ISO Documents

AI-Powered Document Generation

Generate compliance documents with real-time AI streaming across all 26 standards & frameworks, 50+ templates each and 764+ mapped controls. Export to DOCX with company branding.

26

Standards

764+

Controls

50+

Templates Each

SSE

Real-time Streaming

AI Streaming Generation Auto-Save Completeness Score DOCX Export

ISO Training

Interactive Training Platform

19 courses covering every standard with interactive lessons, quizzes, progress tracking, and auto-generated certificates with verification codes.

19 Courses, 200+ Modules

All 19 standards covered with interactive lessons and quizzes

Quizzes & Progress Tracking

4 question types, per-module completion %, time tracking

Auto-Generated Certificates

Verification codes, PDF download, audit-ready proof of competence

Training Dashboard

Learners see all 19 courses with real-time progress bars, module completion percentages, and time spent. Managers can track team-wide compliance readiness at a glance.

Auto-Generated Certificate

On course completion, certificates are generated automatically with unique verification codes, final scores, and issue dates — downloadable as PDF for audit evidence.

Implementation Guides

26 Step-by-Step Completion Guides

Every standard and framework on the platform has a dedicated, comprehensive completion guide — walking teams from initial risk assessment through controls, documentation, assessment, audit, and training.

26

Guides

10

ISO Standards

7

ESG Frameworks

4

Regulatory

5

Cybersecurity

1

Risk Assessment

Identify scope & risks

2

Controls

Import & configure

3

Documentation

AI-generate ISMS docs

4

Assessment

Guided clause review

5

Audit

Internal audit programme

6

Training

Course completion

ISO Standards

10

ISO 27001 — Information Security

ISO 42001 — AI Management

ISO 27017 — Cloud Security

ISO 27018 — Cloud Privacy

ISO 27701 — Privacy Mgmt

ISO 31000 — Risk Management

ISO 37001 — Anti-Bribery

ISO 37301 — Compliance

ISO 22301 — Business Continuity

ISO 45001 — OH&S

ESG Frameworks

7

GRI — Global Reporting Initiative

CSRD/ESRS — EU Sustainability

TCFD — Climate Disclosures

CDP — Carbon Disclosure

ISSB/IFRS — Sustainability S1/S2

SASB — Industry Standards

UN SDGs — 17 Global Goals

New — Full Guides

Regulatory

4

GDPR — Data Protection

SOC 2 — Service Org Controls

PCI DSS — Payment Card Security

NIST CSF — Cybersecurity 2.0

Cybersecurity

5

Cyber Essentials — UK NCSC

CE Plus — Enhanced Cert

IASME CA — Cyber Assurance

IASME DCC — Data Compliance

IASME MSP — MSP Assurance

Dedicated App

Opens in new window

Table of Contents

Scrollspy navigation

Platform Links

Deep-links to modules

AI-Powered

Context-aware guidance

Training Linked

Course per standard

AI Compliance Assistant

Your Always-On ISO Consultant

An AI-powered chatbot trained across all 26 standards and frameworks, providing instant expert guidance on clauses, implementation steps, common questions, and best practices — no waiting for consultants.

26 Standards at Your Fingertips

Browse all supported frameworks from a single Help & Guidance panel. Each standard has its own tile with dedicated guidance — from ISO 27001 to IASME MSP. Staff can self-serve compliance questions instantly.

Structured Guidance per Standard

Each standard surfaces common questions grouped by topic, key clause areas, and suggested prompts. Shown here: ISO 42001 with AI Management System categories — helping teams know exactly what to ask.

Expert-Level AI Responses

The chatbot delivers detailed, structured answers with implementation steps, example scope statements, timelines, and common pitfalls. Conversation history is saved and searchable — building an organisational knowledge base over time.

Administration

Enterprise Administration & Support

Complete platform administration with multi-tenancy, RBAC, SAML SSO, comprehensive field-level audit logging, and AI-powered compliance chatbot.

Admin Settings

User CRUD, company hierarchy, dept permissions (6 types), ISO framework config

Audit Log

Field-level diffs across 30+ tables, UUID resolution, record timeline, CSV export

SAML SSO

Okta, Azure AD, Google Workspace, OneLogin with auto-provisioning

Risk Escalation

Authority hierarchy, score-based triggers, company-scoped role assignments

Platform Features

Multi-Tenant & AI-Powered

Cross-tenant management, bulk ownership transfer, AI compliance chatbot, and a full knowledge base for self-service support.

Compliance Chatbot

AI assistant supporting 26 standards with multi-conversation context

Super Admin

Cross-tenant orgs, users, domain whitelisting, support tickets

User Reassignment

Bulk ownership transfer across 8 entity types and 12 role types

Help Center

Knowledge base with articles, FAQs, quick-start guides, Ctrl+K search

User Reassignment Wizard

Risk Escalation Levels

Risk Sign-Off Roles

SAML SSO Configuration

Technology

Modern, Secure Architecture

Built on enterprise-grade infrastructure with security at every layer.

Next.js 16

App Router, TypeScript

Rust Backend

Cloudflare Workers

Supabase

PostgreSQL, 208+ tables

Claude AI

8+ integrations, SSE

Cloudflare

Pages + Workers, edge

Security

JWT, SAML, TOTP, AES

Authentication

Email/Password (12+ chars) • Google OAuth 2.0 • Microsoft OAuth 2.0 • SAML 2.0 SSO • TOTP 2FA with backup codes • AES-256-GCM encryption

Export & Reporting

DOCX with company logos & cover pages • Excel with formatting • CSV raw data

AI Capabilities

Risk analysis • 13 report types (6 risk + 7 ESG) • ISO docs (26 standards) • Audit findings • Compliance chatbot (26 standards) • ESG reports • BIA/BC plan generation • Multi-language

AI-Native Comparison

GRCxAI vs AI-Native Platforms

The only platform that natively covers ISO 42001, ISO 27001, ISO 27701, EU AI Act, and full ESG/CSRD compliance in a single tool.

Capability	GRCxAI	Enzai	Kertos	Vanta	Drata
ISO 42001 (AI Governance)
ISO 27001 (InfoSec)
ISO 27701 (Privacy)
EU AI Act Compliance
ISO 22301 (BCP)
AI Model Registry
AI Maturity Assessment
Risk Register & Heatmaps
Vendor Risk Management
AI Document Generation
Compliance Chatbot
ESG & Sustainability Module
CSRD/ESRS Compliance
26 Standards & Frameworks
Provision 29 Reporting
All 5 Key Standards + ESG Natively

Enterprise Comparison

GRCxAI vs Enterprise GRC Platforms

Purpose-built and AI-native vs legacy platforms that require months of implementation and six-figure budgets.

Capability	GRCxAI	ServiceNow GRC	IBM OpenPages	Corporater	SAP GRC
ISO 42001 (AI Governance)
ISO 27001 (InfoSec)
ISO 27701 (Privacy)
EU AI Act Compliance
AI Document Generation
Provision 29 Reporting
ESG & Sustainability (8 modules)
CSRD/ESRS + 6 ESG Frameworks
26 Standards Pre-Mapped
26 Completion Guides
Compliance Chatbot
Risk Heatmaps & Scoring
Vendor Risk Management
Business Continuity
Setup in Days (not Months)
No Per-Module Licensing
AI-Native, Ready Today

One Platform. Complete Coverage.

ISO 42001 + ISO 27001 + ISO 27701 + EU AI Act + ESG/CSRD — 26 standards natively integrated. No second tool needed. No data silos. No integration headaches.

Book a Demo

Enterprise Security

AI-Powered

EU AI Act Ready

ESG & CSRD

Multi-Tenant

Cloud Native