Multi-Tenant GRC · BCMS · SRMT · CMDB · Azure Cloud Hosted
Governance Risk And Technical Engagement Including Compliance

Where Compliance Becomes Capability

Four integrated platforms — GRC, BCMS, SRMT, and CMDB — transforming 30+ years of enterprise resilience consulting into software. AI throughout. $500,000+ of methodology codified. From ISO 22301 to site risk assessment, every requirement covered.

22+ frameworks · 2,400+ controls · 631+ cross-mappings · $500K+ IP codified · 99.9% uptime SLA · AI on every task
Production Frameworks: ✓ ISO 22301 ✓ ISO 27001 ✓ SOC 2 ✓ NIST CSF 2.0 ✓ ISO 42001 ✓ OSFI B-10/B-13 ✓ GDPR ✓ HIPAA ✓ PCI DSS 4.0 ✓ ISO 9001 ✓ COSO ERM + 11 more

One Ecosystem for Enterprise Resilience

GRC compliance management, ISO 22301 business continuity, and AI-powered facility risk assessment — purpose-built products that work independently or together as a complete resilience platform.

GRC Platform
Governance, Risk & Compliance
22+ production-ready compliance frameworks with AI-powered guidance, Gantt project management, 631+ cross-framework mappings, 70+ document templates per framework, and full document lifecycle — for organizations managing in-house or consulting firms managing multiple clients.
22+ frameworks: ISO 22301, ISO 27001, SOC 2, NIST CSF, GDPR, HIPAA, ISO 42001, OSFI, PCI DSS + 13 more
6-layer framework structure: Framework → Processes → Controls → Tasks → Metadata → Templates
AI on every task — guidance, document generation, evidence recommendations, gap analysis
Project Gantt charts + process-level drill-down with drag-and-drop scheduling
631+ cross-framework control mappings — complete one standard, satisfy related requirements
Customer Portal (self-service) + Firm Portal (multi-client) + dedicated Equisoft deployment
BCMS Platform
Business Continuity Management
ISO 22301:2019 aligned BCMS covering the complete Plan-Do-Check-Act lifecycle. From 7-step BIA through BC plans, exercises, incidents, audits, and management review — with AI throughout, HR system integration, and full resource lifecycle management for IT systems, facilities, suppliers, and equipment.
Full PDCA lifecycle: Plan (BIA, context) → Do (plans, exercises) → Check (audits, review) → Act (NCCI, improvement)
7-step BIA: process inventory, impact assessment (6 categories × 8 periods), RTO/RPO/MTPD/MBCO, dependency mapping, strategies
3-tier BC plans (Enterprise/Tactical/Operational), 8 plan types, 5-stage approval workflow, PDF viewer
IT Systems DR planning + AI document generation · Suppliers with contracts, SLAs, performance reviews · Facilities with full site attributes
HR integration: NetSuite, Workday, Active Directory, SAP SuccessFactors — 9 staff change event types
NCCI Register with AI management report · Internal/External audit · Risk register · Training programme
SRMT Platform
Site Risk Management Tool
AI-powered facility risk assessment generating boardroom-ready PDF reports in under 60 seconds. 185 checklist items across 11 risk domains, 19+ international standards, Claude Opus 4.5 analysis, and three professional report formats — deployed across 5 live sector-specific instances.
185 checklist items, 11 risk domains (Fire & Life Safety, Power, HVAC, Security, IT, Natural Hazards, Regulatory, Supply Chain, Environmental, Vendor, Documentation)
Claude Opus 4.5: Executive summary, domain analysis, 4-phase CAD remediation roadmap
3 report types: Full (35-40pp), Executive (4-6pp), Technical (15-25pp) — generated in <60 seconds
5 sector instances: Data Centre, Warehouse, Solar Farm, Wind Turbine, Oil & Gas
19+ international standards referenced per assessment
Photo evidence per domain · Azure Blob Storage · Custom sector instances on request

Two Portals, One Framework Library

The same 22+ frameworks, AI assistant, and document management — delivered via two isolated portals optimised for different users. Complete tenant isolation on shared Azure infrastructure.

Customer Portal

customer.grateic.com

Self-service GRC for organizations managing compliance in-house. AI guidance, Gantt scheduling, document control, cross-framework mapping, and optional consultant/auditor view access — at 60-75% less than hiring consultants.

22+ frameworks with AI guidance on every task
Project & process Gantt charts with drag-and-drop
70+ document templates per framework
631+ cross-framework control mappings
Task & activity assignment with email notifications
Consultant & auditor view-only access — no extra cost
Average savings vs. consulting: $150,000–200,000 per certification engagement · 3-6 weeks to audit-ready

Firm Portal

firm.grateic.com

Multi-client GRC delivery platform for consulting firms. Manage unlimited clients with complete isolation, AI-assisted delivery, seniority-based resourcing, time tracking, billing, and client/auditor portal access — 5-10x client capacity per consultant.

Unlimited clients — complete firm_id isolation
PRINCIPAL/SENIOR/INTERMEDIATE/JUNIOR task resourcing
Task-level time tracking and rate-card billing
Client view accounts + auditor evidence portal
Assignment email notifications for all paths
AI document generation with client context pre-filled
Revenue potential · Professional tier: $150,000–300,000/mo · 5-10x client capacity · 10-20x platform ROI · 120+ hrs saved per engagement

The Most Complete Framework Library Available

Every framework ships day one with processes, controls, tasks, activities, 8-field consulting metadata, and 70+ document templates. 631+ cross-mappings eliminate duplicate work across frameworks.

ISO 22301:2019 · BC & Resilience
ISO 27001:2022 · Information Security
ISO 42001:2023 · AI Governance
SOC 2 Type II · Trust Services
NIST CSF 2.0 · Cybersecurity
OSFI B-10 / B-13 · Financial Reg.
GDPR · Privacy
HIPAA · Healthcare
PCI DSS 4.0 · Payments
ISO 27002:2022 · InfoSec Controls
CIS Controls V8 · Cybersecurity
ISO 9001 · Quality Mgmt
NIST RMF · Risk Mgmt
ISO 31000 · Risk Mgmt
ISO 20000 · ITSM
ISO 27701 · Privacy ISMS
COSO ERM · Enterprise Risk
FFIEC IT Handbook · Financial IT
OSFI CRR · Corporate Risk
ELIMINATE DUPLICATE COMPLIANCE WORK
631+ cross-framework control mappings
Complete ISO 27001 and automatically satisfy related SOC 2, NIST CSF, PCI DSS requirements. 40-60% less duplicate work.
631+ Control Correlations · 2,304+ Activity Mappings

AI-Powered Compliance, Continuity & Risk

The Claude API is integrated across every module of every product. Context passes automatically — the AI always knows which framework, control, or business process you're working on.

Document Generation
Generate complete policies, procedures, BC plans, DR documents, and evidence documentation — framework context and task details passed automatically.
Task & Control Guidance
Contextual guidance on every task across all 22+ frameworks. Evidence requirements, implementation steps, and control interpretation — on demand.
Gap Analysis
Upload existing documents — AI analyses gaps against framework requirements and returns prioritised remediation findings.
Management Reports
AI-generated board-ready BCMS management review reports (§9.3), NCCI KPI analysis, BIA summaries, and risk assessment insights.
Site Risk Analysis (SRMT)
Claude Opus 4.5 generates boardroom-ready executive summaries, domain risk analysis, and 4-phase CAD remediation roadmaps in under 60 seconds.
Recovery & DR Planning
AI generates IT DR procedures per system, BC plan content, and recovery strategy recommendations from BIA dependency data.

Complete Business Continuity Lifecycle

GRATEIC BCMS implements every clause of ISO 22301 — from establishing organizational context through continual improvement. Every feature maps to a specific standard clause.

PLAN · §4, §5, §6
Establish Context & Strategy
7-step BIA · RTO/RPO/MTPD/MBCO · Recovery strategy selection · Risk identification · BC objectives
DO · §7, §8
Implement & Operate
BC Plans · IT Systems DR · Supplier SLAs · Facilities · Training · Exercises · Incident response
CHECK · §9
Monitor & Evaluate
Internal audit · External audit + certification tracking · Management review · KPI dashboards
ACT · §10
Continual Improvement
NCCI Register · Root cause analysis · AI corrective action plans · Board management report

Industry-Specific Risk Assessment

Each SRMT deployment is customised for its sector with industry-specific checklists, applicable standards, and tailored risk criteria. All five instances are fully deployed and ready to use.

DATA CENTRE
Data Centre Operations
TIA-942 (Tier I-IV) · ASHRAE TC 9.9 · Uptime Institute · NFPA 75 · ISO 27001 · SOC 2
WAREHOUSE
Warehouse & Logistics
ANSI MH16.1 (Racking) · OSHA 1910.178 (Forklifts) · NFPA 13 · FM Global Property Loss
SOLAR FARM
Solar & Energy Storage
NEC 690 (PV) · NFPA 855 (BESS) · IEC 62446 · IEEE 1547 · NERC CIP
WIND TURBINE
Wind Energy Operations
IEC 61400-1/24 · NERC CIP · OSHA LOTO · Work at Height · NFPA 850
OIL & GAS
RESTRICTED
Oil & Gas Operations
OSHA PSM 1910.119 · EPA RMP · API RP 750/752/753 · ATEX · API 653
CUSTOM
Custom Sector Instance
Manufacturing · Healthcare · Aviation · Maritime · Chemical Plants · Any specialized sector with custom checklists and standards

Built for Audit-Readiness at Every Stage

Core capabilities shared across all portals and products — everything you need from project kick-off to certification.

Gantt Project Management
Project and process-level Gantt charts with drag-and-drop scheduling, AJAX autosave, and cross-framework timeline visibility across all engagements.
Document Lifecycle Control
Auto-generated reference numbers, semantic versioning v1.2.3, Draft→Review→Approved→Published workflow, full version history, and Azure Blob secure storage.
Assignment Notifications
Automated email notifications via Azure Communication Services when tasks and activities are assigned — includes context, due date, and direct link. Never blocks on mail failure.
Activity Log & Audit Trail
All user actions logged with timestamp, resource, and IP. Per-log detail view, CSV export for compliance evidence, and 30-day scheduled auto-purge.
MFA & Security
Laravel Fortify + TOTP two-factor authentication, reCAPTCHA v2 on all auth forms, email verification, session encryption, and role-based access control.
Azure Cloud Infrastructure
Canada Central region, Azure MySQL Flexible Server, geo-redundant backups to Canada East, Azure Communication Services email, SSL on all domains, 99.9% uptime SLA.

Ready to transform your resilience programme?

GRC compliance · ISO 22301 BCMS · AI site risk assessment — built on 30+ years of enterprise consulting expertise