Skip to content
GRC Platform · Built for modern teams

Compliance
without the
complexity. spreadsheets. consultants. chaos.

01GRC brings your entire governance, risk and compliance programme into one intelligent platform — at a fraction of the cost and effort of legacy tools.

Request a demo
Early access open · several frameworks + your own · built by GRC practitioners
The problem

GRC shouldn't be a full-time job for half your team.

Traditional governance, risk and compliance tools were built for enterprises with armies of consultants and seven-figure budgets. For everyone else, that means three problems on repeat.

Spreadsheet chaos

Risk registers, control matrices and evidence trackers scattered across files. Different versions, conflicting owners, lost in email threads.

Audits eat your quarter

Every audit means weeks of manual evidence gathering, chasing screenshots, and reformatting the same control for every framework. Again.

Consultant dependency

Legacy GRC platforms need expensive specialists to implement, configure and maintain. The price tag doesn't include the people you have to hire to run it.

Platform

Everything your team needs.
Nothing they don't.

01GRC consolidates your entire GRC programme into one intelligent platform — purpose-built for efficiency, not enterprise lock-in.

01

Risk register & assessment

Identify, score and track risks across your organisation with automated heat maps, ownership workflows and real-time status — all in one register.

Heat maps · ownership · trending
02

Control library & mapping

Pre-built control templates mapped across 7 built-in frameworks — and add or edit your own standards. Reuse a single control across multiple programmes, with no duplicate effort.

7 frameworks + your own · 1:N mapping
03

Evidence & control testing

Centralise evidence, link it to controls and test effectiveness on a schedule. Evidence-health tracking flags stale or weak controls before an auditor does.

Evidence health · effectiveness testing
04

Real-time compliance dashboards

Live compliance posture by framework, by team, by control area. Replace quarterly slide decks with always-current reality your leadership can act on.

Live · per-framework · per-team
05

Vendor & third-party risk

Onboard vendors with built-in questionnaires, then track contracts, subcontractors and residual risk in one place — and export a DORA Register of Information when your regulator asks. Renewal dates and slipping scores are flagged automatically.

Questionnaires · subcontractors · DORA register
06

Privacy & data protection

Maintain records of processing and data-flow maps, then export your Article 30 ROPA in a click. ISO 27701 privacy controls sit alongside your security programme, so privacy and security live in one place instead of two tools.

ROPA · data mapping · ISO 27701
07

Policy management

Author, version, distribute and track acknowledgement of every policy. Audit trail included by default — no separate document-management bolt-on.

Versioning · attestations
08

Business continuity & resilience

Run business impact analysis with RTO and RPO targets, then prove recovery with tabletop, simulation and failover exercises — the evidence DORA and NIS2 expect.

BIA · RTO/RPO · see the graph
09

Incidents, audits & reviews

Track incidents with MTTD and MTTR, run internal audits with findings and actions, and sign off periodic management reviews into immutable, audit-ready snapshots.

Incidents · audits · sign-off
10

Asset & process intelligence

Keep a live inventory of assets and business processes with owners, criticality ratings and recovery targets. The platform works out which controls each one needs, so risk, resilience and compliance all hang off a single backbone.

Inventory · criticality · see the graph
11

Training & awareness

Assign courses, run quizzes and capture policy acknowledgements in one place. Evidence of competence is collected as people complete them — the proof ISO 27001 expects, without a separate learning tool to license.

Courses · quizzes · competence evidence
12

Reporting & exports

Generate audit-ready reports on demand and export the documents your regulators ask for — Statement of Applicability, Article 30 ROPA and DORA register — straight from live data, with no manual repackaging.

SoA · ROPA · audit-ready reports

Several frameworks built in — and add your own.

Frameworks

Coverage you can show your regulator.

See exactly how 01GRC maps to each standard — control by control, requirement by requirement. More framework guides land as we publish them.

DORA

Digital operational resilience — ICT risk management, incident handling, resilience testing and the one-click Register of Information.

See DORA coverage
ISO/IEC 27001:2022

Run the ISMS and assure all 93 Annex A controls — Statement of Applicability, control testing, internal audit and management review.

See ISO 27001 coverage
ISO/IEC 27701

Extend your ISMS into a PIMS — the privacy management system plus records of processing, data inventory, retention and processor oversight.

See ISO 27701 coverage
NIS2

Article 21 risk-management measures, incident handling and supply-chain security for essential and important entities — with effectiveness proof.

See NIS2 coverage
GDPR

Records of processing, data-flow mapping and a one-click Article 30 ROPA alongside your security programme.

See GDPR coverage
CIS Controls v8.1

All 18 Controls and 153 Safeguards mapped to your controls, evidence and assets — with several performed natively.

See CIS Controls coverage
Dashboards

One platform. Six live dashboards.

Risk, compliance, controls, assets, incidents and management review — each a purpose-built view that updates as your programme changes. Here are three of them.

Connected model

Your risk isn't a row in a table.
It's a chain reaction.

Other GRC tools store a risk, an asset or a process as an isolated record you tag and report on. 01GRC models the living dependency graph behind them — so you see, at a glance, exactly what a threat touches and what breaks downstream.

THREAT ACTORHacker RISKRansomware VULNERABILITYUnpatched VPN ASSETPayments DB PROCESS · CRITICALCard Payments PROCESS · IMPORTANTOrder Shipping SUBPROCESS · DOWNSTREAMFraud Detection
Threat actor Risk Vulnerability Asset Process Subprocess
See all four views
Why 01GRC

Built for the way modern teams
actually work.

A side-by-side look at how 01GRC compares to the legacy GRC platforms most organisations are stuck with today.

Capability
Traditional GRC
01GRC
Annual cost
$80K+ in licences alone
From a fraction of that
Time to first value
6–12 months of implementation
Live within hours
Consultant dependency
Specialists required to operate
Self-service, guided workflows
Scoping & applicability
You decide what applies, by hand
A rule engine scopes it and builds your SoA
Evidence collection
Manual screenshots & exports
Centralised & tested on a schedule
Audit trail & integrity
Edits untracked, files unverified
Every change logged, files scanned & encrypted
Framework coverage
Single framework, add-ons per extra
7 frameworks built in + add your own
Team size required
Dedicated GRC team needed
Works for any team size
Reporting
Quarterly static reports
Real-time dashboards
Updates & new frameworks
Paid upgrades & re-implementation
Included, always current
Outcomes

What 01GRC is built to deliver.

The targets we hold the platform to — measured against doing GRC with spreadsheets and legacy tooling.

Days, not weeks
Audit prep time

Live dashboards and one-click effectiveness exports replace manual evidence packs.

Hours
From sign-up to live programme

A guided scoping wizard picks your control baseline. No implementation project, no consultants.

Many + your own
Frameworks built in

ISO 27001, DORA, GDPR, NIS2, CIS Controls and more — plus add or edit your own.

1 platform
Replaces the spreadsheet stack

Risk, controls, evidence, BIA, incidents, vendors and audits — in one place.

How it works

Three steps from sign-up to audit-ready.

01

Set up your workspace

Add your organisation, assets and frameworks in minutes. A guided scoping wizard selects the control baseline that applies to you — no consultants required.

02

Pick your frameworks

Select the standards you need to comply with. Controls and templates are pre-mapped — you focus on what's specific to your environment.

03

Prove and improve

Watch your posture climb in real time. Generate audit-ready reports on demand. Reduce risk by acting on what the dashboard surfaces.

See it in action

A two-minute look inside 01GRC.

Want a guided walk-through with one of our team? Request a demo — we'll show you the parts most relevant to your stack and frameworks.

Early access

Become a design partner.

We're onboarding a small number of early-access teams — compliance leads at regulated firms who want a GRC platform shaped around how they actually work. Design partners get preferential pricing locked in permanently, direct input into the roadmap, and white-glove onboarding from the practitioners building the product.

Apply for early access

See your compliance programme
the way it should look.

Book a personalised walkthrough — we'll demo the platform on data shaped like yours. No slideware, no committee.

Request a demo