Governance, Risk & Compliance (GRC)
Overview
Managing enterprise risk, policy and compliance, audit, and resilience on one platform — turning risk and control activity from disconnected spreadsheets into continuous, monitored programs. Feeds on operational data from across the platform (CMDB, security, HR) to make risk real-time.
Modules in this family
- Risk Management — identify, assess, and monitor enterprise risk
- Policy & Compliance Management — policies, controls, and compliance to frameworks
- Audit Management — plan and run internal audits efficiently
- Third-Party Risk Management (TPRM) — assess and monitor vendor/third-party risk
- Business Continuity Management (BCM) — plan for and respond to disruptions (BCM)
Modules in this family
Audit Management
Runs the internal audit function: planning what to audit based on risk, executing engagements with workpapers and evidence, recording findings, and tracking remediation to closure — replacing document-and-spreadsheet audits with a managed workflow that reuses existing risk and control data.
Business Continuity Management (BCM)
Preparing the business to keep running through disruptions: analyzing which processes are critical and how quickly they must recover (business impact analysis), building and maintaining continuity plans, and coordinating response when something actually happens.
Policy & Compliance Management
Managing the organization's policies and the controls that enforce compliance with regulations and frameworks (ISO 27001, SOC 2, NIST, etc.). It maps requirements to controls, tests whether controls are working, and tracks remediation — so compliance is continuous rather than a scramble before each audit.
Risk Management
A live system for identifying, assessing, and monitoring the risks a business faces — operational, technology, financial — replacing periodic spreadsheet exercises with a continuously updated risk register that can pull real signals from across the platform.
Third-Party Risk Management (TPRM)
Assessing and monitoring the risk your vendors and partners introduce: sending due-diligence questionnaires, scoring responses, tracking issues to remediation, and re-assessing periodically — so third-party risk is managed continuously rather than at onboarding only.
Official docs: Governance, Risk & Compliance ↗