Connected model · Dependency graphs

Your risk isn't a row in a table.
It's a chain reaction — and we draw it.

Most GRC platforms store a risk, an asset or a process as an isolated record you tag and report on. 01GRC models the living dependency graph of your organisation — so you can see, at a glance, exactly what a threat touches and what breaks downstream. These four views ship in the product and are generated from your own data.

Request a demo Back to platform

Risk in context

From the attacker to the subprocess three steps away

A risk in 01GRC is a chain, not a line item. Follow a single threat actor through the vulnerability it exploits, the asset it compromises, the processes that asset runs — and the dependent subprocess that quietly fails too. Traditional GRC registers stop at “risk → control”; 01GRC shows the full blast radius, so nobody discovers the knock-on impact mid-incident.

Threat actor Risk Vulnerability Asset Process Subprocess

Operational impact

Know exactly what breaks when an asset goes down

Every asset is mapped to the business processes it supports — with their criticality — and onward to the subprocesses that depend on them. When an asset is impaired you see the real operational impact immediately, not after a war-room scramble. Register-based tools record an asset as a row; 01GRC records what the business actually loses if it fails.

Asset Process Subprocess Critical Important Non-critical

Blast radius

See the chain reaction before it happens

Processes depend on processes. 01GRC models those upstream and downstream dependencies as a first-class graph, so a disruption in one process reveals every subprocess it drags down with it. This is the view that checklist- and spreadsheet-driven GRC simply can't produce — because they never captured the relationships in the first place.

Process Subprocess

Business Impact Analysis

Recovery objectives where the business can see them

Business Impact Analysis comes alive: processes are coloured by derived criticality, and every dependency carries its RTO and RPO. Criticality isn't typed into a form — it's computed from your BIA inputs and flows through to vendor criticality. Few GRC platforms connect impact analysis, recovery objectives and the dependency graph in a single, board-ready picture.

Critical Important Non-critical Recovery objectives shown on each dependency line

Why this is hard to copy

The business graph is the spine — not a reporting add-on

Competitors can bolt a diagram onto a record. 01GRC is shaped by the dependency graph: departments, processes, assets, data flows and vendors are one connected model, and risks, controls, incidents, BIA and resilience all hang off it. That structural choice is what makes these views possible — and difficult to retrofit into a register-first product.

Business-process-first

Processes are first-class objects with dependencies and owners — not a tag on a risk row.

Derived, defensible criticality

Process criticality is computed from BIA and propagates to vendor criticality. No guesswork to defend to an auditor.

True blast-radius

One impaired asset reveals every dependent process and subprocess — before the incident, not during it.

Board-ready & exportable

Every view exports for committee packs, with recovery objectives and criticality in plain sight.

Diagrams shown use illustrative data. In the product they are generated live from your own assets, processes, data flows and BIA — and stay current as your environment changes.

See the graph drawn on your business.

Book a personalised walkthrough — we'll demo the dependency graph on data shaped like yours. No slideware, no committee.

Request a demo

Your risk isn't a row in a table. It's a chain reaction — and we draw it.