Customer Portal · Self-Service GRC

Manage Your Entire GRC Program In-House

22+ compliance frameworks, AI-powered implementation guidance, Gantt project scheduling, 631+ cross-framework mappings, 70+ document templates per framework, and complete document management — at 60-75% less than traditional consulting.

$500,000+ of consulting expertise built into every framework — available 24/7 via AI assistant
  • 22+ Frameworks
  • 2,400+ Controls
  • 631+ Cross-Mappings
  • 3-6 Wks To Audit-Ready

Available Frameworks: ISO 22301, ISO 27001, SOC 2, NIST CSF, GDPR, HIPAA, ISO 42001, PCI DSS, OSFI, + 13 more

Everything You Need. Nothing You Don't.

Save $150K–200K

60-75%

Cost reduction vs. hiring consultants for ISO 22301, SOC 2, or ISO 27001 certification.

3-6 Weeks to Audit-Ready

vs. 6-12 mo

Pre-built frameworks, AI guidance, and 70+ document templates per framework cut implementation time dramatically.

AI Assistant 24/7

Always On

Framework-specific guidance, document generation, evidence recommendations, and gap analysis — available on every task.

Eliminate Duplicate Work

631+ Mappings

Cross-framework control correlations — complete ISO 27001 and automatically satisfy related SOC 2, NIST CSF requirements.

The Most Complete Framework Library Available

Every framework ships day one with processes, controls, tasks, activities, 8-field consulting metadata, and 70+ document templates. Select any combination — frameworks work together with 631+ cross-mappings eliminating duplicate work.

  • ISO 22301:2019 (BC & Resilience)
  • ISO 27001:2022 (Information Security)
  • ISO 42001:2023 (AI Governance)
  • SOC 2 Type II (Trust Services)
  • NIST CSF 2.0 (Cybersecurity)
  • OSFI B-10 / B-13 (Financial Reg.)
  • GDPR (Privacy)
  • HIPAA (Healthcare)
  • PCI DSS 4.0 (Payments)
  • ISO 27002:2022 (InfoSec Controls)
  • CIS Controls V8 (Cybersecurity)
  • ISO 9001 (Quality Mgmt)
  • NIST RMF (Risk Mgmt)
  • ISO 31000 (Risk Mgmt)
  • ISO 20000 (ITSM)
  • ISO 27701 (Privacy ISMS)
  • COSO ERM (Enterprise Risk)
  • FFIEC IT Handbook (Financial IT)
  • OSFI CRR (Corporate Risk)
  • + 3 more (custom on request)

Six Layers of Implementation Expertise

Every framework in the GRATEIC library is built on a six-layer structure that transforms abstract ISO and regulatory requirements into concrete, auditor-ready project programmes — with $500,000+ of consulting expertise encoded throughout.

01. Framework Record
Master record: name, version, standard body, category, pricing configuration. Deployed to each tenant with all metadata needed for immediate use.
frameworks table

02. Processes / Clauses
Major phases mapped to ISO clause structure. Each carries: process_code (e.g. AI-01), iso_clause reference, category (Planning / Risk / Support / Implementation / Monitoring / Improvement), estimated_hours, and complexity.
framework_processes table

03. Controls
Specific requirements typed as MANDATORY, RECOMMENDED, or OPTIONAL — each with 8 fields of expert implementation metadata encoding 30 years of consulting experience across 2,400+ controls.
framework_controls — 2,400+ controls

04. Tasks & Activities
Work breakdown structure embedded in each process: 3-4 tasks per process, 3-4 activities each. Every task carries seniority_required (PRINCIPAL/SENIOR/INTERMEDIATE/JUNIOR), estimated_hours, timing window, and implementation instructions.
JSON in framework_processes

05. Enhanced Control Metadata
8 fields per control: Prerequisites, Implementation Steps (numbered, 5-10 steps), Expected Outcome, Evidence Requirements, Mandatory Documents, Deliverables, Guidance Notes, Audit Frequency — the consulting IP layer that makes GRATEIC unique.
$500K+ expertise — 8 fields per control

06. Document Template Library
70+ controlled templates per framework across 7 categories: Policy, Procedure, Assessment, Report, Checklist, Guideline, Evidence. Numbered using the [FRAMEWORK]-[CATEGORY]-[NUMBER] convention, e.g. ISO27001-POL-001.
70+ templates per framework

Task Seniority Model

  • PRINCIPAL (Executive & Governance): C-suite sign-off, board governance, cross-functional authority. 12-24 hrs. Drives programme sponsorship.
  • SENIOR (Technical Architecture): Control design, gap analysis, evidence standards, SME-level expertise. 8-16 hrs.
  • INTERMEDIATE (Documentation & Analysis): Gap analysis, evidence collection, template population, process documentation. 4-12 hrs.
  • JUNIOR (Operational Support): Data entry, scheduling, record maintenance, basic template work. 2-6 hrs.

Document Template Categories

Policy (7), Procedure (21), Assessment (10), Report (10), Checklist (7), Guideline (5), Evidence (10)

Full Project & Framework Lifecycle

Manage compliance projects from framework selection through certification — with Gantt scheduling, task assignment, email notifications, control tracking, and real-time progress visibility at every level.

Projects & Gantt

Portfolio Management

  • Create from framework templates or from scratch
  • Multi-framework projects — add/remove frameworks post-creation
  • Toggle individual processes on/off per project
  • Process owner assignment per process
  • Budget, status, and timeline management
  • Project Gantt chart — full visual timeline across all processes
  • Process-level Gantt — drill-down scheduling per process
  • Drag-and-drop scheduling with AJAX autosave

Tasks & Activities

Work Item Management

  • Global task list across all projects and frameworks
  • Task assignment with email notification to assignee — includes project, process, due date
  • Activity assignment with email notification — includes activity, task, project
  • Task completion and reopen workflow
  • Task timeline view with full activity log
  • Upload documents directly to tasks
  • AI assistance on every task — guidance, evidence hints, document generation with task context pre-filled

Control Assignments

Accountability & Ownership

  • Assign controls to individual team members
  • Department-based control view — all controls by dept
  • Bulk assignment for multiple controls at once
  • Framework, process, task, and activity level assignment
  • Unassigned controls view for gap identification
  • Assignment update and removal

AI-Powered Compliance Throughout

Six AI capabilities embedded across the platform — available on demand from any task, framework, or document. Context is passed automatically so the AI understands exactly where you are and what you need.

  • Task Help: Contextual guidance for any implementation task — explains requirements, suggests approach, flags pitfalls using full framework and control context.
  • Document Generation: Generate complete policy, procedure, report, or evidence documents. Framework, requirements, and task context passed automatically. Stored with AI badge in document register.
  • Evidence Guidance: Per-control identification of appropriate evidence artefacts tailored to your industry, size, and maturity. Reduces evidence identification time by up to 60%.
  • Document Analysis: Upload existing documents — AI analyses gaps against framework control requirements and returns scored results with remediation priorities.
  • Suggested Questions: AI generates the right questions to ask at each implementation stage — for workshops, interviews, and review meetings.
  • Framework Assessment: Full framework health analysis — completion status, gap prioritisation, and AI-generated recommendations from project data.

AI Document Generation — How It Works

  • Select document type (Policy, Procedure, Report, Assessment, etc.)
  • Framework, requirements, and task context passed automatically
  • Claude API generates complete, professional document content
  • Stored in document register with AI badge and version history
  • Edit inline, export, submit for approval
  • Deep-link from task with ?task_id=X&tab=ai — context auto-fills

$500K+ Consulting Expertise Built Into Every Control

Every control carries 30 years of implementation guidance — prerequisites, numbered implementation steps, expected outcomes, evidence requirements, and audit frequency — so the AI always knows what you need to do and what evidence to collect.

Complete Document Lifecycle Management

Stay audit-ready at all times. Every document tracked from creation through approval and periodic review — version control, workflow status, and framework linkage built in.

Document Control

Reference & Version System

  • Auto-generated control numbers
  • Semantic versioning v1.2.3 format
  • Full version history with per-version download
  • Framework and ISO clause linkage
  • Expiry and review date tracking

Approval Workflow

Draft to Published

Draft → In Review → Approved → Published

Complete audit trail at every stage. Reviewer assignment with due dates. Recall and re-draft capability.

Storage & Upload

All File Types Supported

  • PDF, Word, Excel, images — up to 50MB
  • In-browser content editing — no download cycle
  • Upload directly from task view
  • Secure Azure Blob Storage

Activity Log

Complete Audit Trail

  • All user actions logged with timestamp and IP
  • Per-log detail view with full context
  • CSV export for compliance evidence delivery
  • 30-day auto-purge via scheduled cron

ELIMINATE DUPLICATE COMPLIANCE WORK

631+ Cross-Framework Control Mappings

Our cross-framework correlations mean you never implement the same control twice. Complete ISO 27001 and automatically satisfy related requirements across SOC 2, NIST CSF, PCI DSS, and other active frameworks in your programme.

  • 631+ Control Correlations
  • 40-60% Less Duplicate Work
  • 22+ Mapped Frameworks
  • 2,304+ Activity-Control Mappings

Collaboration, Access Control & MFA

Invite your team, assign roles, enable MFA, and grant consultants or auditors limited view-only access — all with a complete activity log audit trail.

Team Management

  • Invite team members via branded email
  • Role-based access: Admin, Manager, Member
  • MFA enable/disable per user (TOTP)
  • Last login tracking per team member
  • Resend invitation email for pending accounts

Consultant & Auditor Access

  • Grant consultants project-level view access
  • Give auditors read-only evidence access
  • Time-limited and permission-controlled access
  • Zero extra licensing cost for view accounts

Security & Authentication

  • Laravel Fortify + TOTP 2FA
  • reCAPTCHA v2 on all login/register forms
  • Email verification required for new accounts
  • Azure-hosted, SSL/TLS, session encryption

Ready to manage GRC in-house?

Access 22+ frameworks with AI guidance, 631+ cross-framework mappings, 70+ document templates per framework, and $500K+ of consulting expertise — at a fraction of the cost