Everything you need
GRC without the complexity
Ten tightly integrated features that take a UK tech startup from zero to audit-ready — without a dedicated compliance team. Click any feature to go deeper.
Dashboard
A real-time command centre for your GRC programme. See total risks, open findings, audit progress, and compliance scores the moment you log in — no digging required.
- Live compliance score across all active frameworks
- Risk summary: total, high, open, and overdue — in one view
- Interactive Recharts-based visualisations for trends and status breakdowns
- Recent activity feed — see exactly what changed and when
Risk Register
Document, score, and track every risk with automated likelihood and impact scoring. Assign owners and monitor remediation progress in real time.
- Full lifecycle: Identified → Assessed → Mitigating → Monitoring → Resolved → Closed
- AI-powered likelihood × impact scoring with residual risk estimation
- Risk-to-controls mapping — link any controls directly to each risk
- Assign owners, set due dates, and track accountability end to end
Audit Workflow
A structured 3-stage audit lifecycle — Setup, Conduct, Review — with per-control compliance scoring, findings documentation, remediation tasks, and internal and external comment threads.
- 3-stage lifecycle: Setup → Conduct Audit → Review
- Per-control scoring: compliant, partially compliant, or non-compliant
- Remediation tasks with assigned owner, due date, and status tracking
- Internal team notes and external auditor comments in the same thread per control
Controls Library
Pre-built controls mapped to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, and HIPAA. One control covers every framework it belongs to — write it once.
- 401 TrusTrak-managed platform controls across 6 frameworks
- Cross-framework mapping — see which frameworks each control satisfies simultaneously
- 4 control types: Preventive, Detective, Corrective, Compensating
- Bulk import existing controls via CSV; add unlimited custom controls
Evidence Locker
Secure file storage with SHA-256 integrity verification. Every piece of audit evidence is hashed on upload and verified on every download.
- SHA-256 hash generated and stored on every upload
- Visual integrity badges: Verified, Modified, or Corrupted
- Signed URLs — temporary, expiring links for secure auditor sharing
- Row-level security — only authorised users can access evidence
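As an added illustration (not RiskGuard's code), the two Evidence Locker mechanisms described above in working form: the object is hashed on upload, re-hashed on download to derive the integrity badge, and shared through an HMAC-signed expiring link standing in for a signed URL. The in-memory store, the signing key, and the meaning of Modified versus Corrupted (the page does not define them) are assumptions.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

# Constructed in-memory object store; a real deployment would use a bucket.
STORE: dict = {}
# Constructed demo key; assumption, never reuse outside this example.
SIGNING_KEY = b"constructed-demo-key-not-for-production"


@dataclass
class EvidenceRecord:
    object_id: str
    sha256: str  # hex digest recorded at upload time


def upload_evidence(object_id: str, data: bytes) -> EvidenceRecord:
    """Hash the bytes on upload and persist both the object and its digest."""
    STORE[object_id] = data
    return EvidenceRecord(object_id, hashlib.sha256(data).hexdigest())


def integrity_badge(rec: EvidenceRecord) -> str:
    """Re-hash the stored object on download and map the result to a badge.
    Assumed semantics: Corrupted = object cannot be retrieved at all;
    Modified = retrieved bytes hash differently from the recorded digest."""
    data = STORE.get(rec.object_id)
    if data is None:
        return "Corrupted"
    if not hmac.compare_digest(hashlib.sha256(data).hexdigest(), rec.sha256):
        return "Modified"
    return "Verified"


def sign_url(object_id: str, ttl_seconds: int, now=None) -> str:
    """Build a temporary link: object id plus expiry, HMAC-signed so neither
    can be altered without invalidating the signature."""
    exp = int((time.time() if now is None else now) + ttl_seconds)
    sig = hmac.new(SIGNING_KEY, f"{object_id}:{exp}".encode(), hashlib.sha256).hexdigest()
    return f"/evidence/{object_id}?exp={exp}&sig={sig}"


def verify_url(url: str, now=None):
    """Return the object id if the signature is valid and unexpired, else None."""
    path, _, query = url.partition("?")
    params = dict(kv.split("=", 1) for kv in query.split("&") if "=" in kv)
    if "exp" not in params or "sig" not in params or not params["exp"].isdigit():
        return None
    object_id = path.rsplit("/", 1)[-1]
    expected = hmac.new(SIGNING_KEY, f"{object_id}:{params['exp']}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, params["sig"]):
        return None  # tampered id, expiry, or signature
    if (time.time() if now is None else now) >= int(params["exp"]):
        return None  # link has expired
    return object_id
```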
AI Advisor
Ask anything about your compliance posture. Powered by Claude — reads your own risks, controls, and evidence to give real, contextual guidance.
- One-click risk creation from a plain English description
- Per-risk AI insights: inherent score, residual score, key next actions
- Bulk-answer security questionnaires from your own document knowledge base
- Streaming compliance chat — ask anything, get answers grounded in your data
External Auditor Portal
Time-limited, OTP-verified access portals for external auditors. Scoped, secure, fully logged — and revocable the moment you choose.
- Time-limited JWT tokens with configurable expiry
- OTP email verification before any access is granted
- Read-only evidence and audit visibility — no system access
- Every view and download logged with auditor email and timestamp
PDF Audit Reports
Ten-section executive reports generated from your live compliance data — AI executive summary, compliance scores, priority findings, and a corrective action plan.
- AI-written executive summary generated from live audit data
- Compliance score gauge with per-framework and per-category breakdowns
- Priority findings — critical non-compliant controls surfaced separately
- Corrective Action Plan satisfying ISO 27001 Clause 10.1
Document Centre
A centralised library for every policy, procedure, and evidence certificate your compliance programme depends on — with AI-powered full-text search built in.
- Bulk multi-file upload with per-file name editing and live progress indicators
- Supported formats: PDF, DOCX, TXT, Markdown
- Text extracted at upload and indexed for AI search — scanned PDFs flagged, not failed
- AI search status per document: Searchable, Limited, No text, or Pending
User Management
Invite-only onboarding with a 6-role RBAC system. Every user gets exactly the access their role requires — no more, no less.
- 6 roles: Admin, Auditor, Risk Owner, Member, Viewer, External Auditor
- Invite-only — no open registration; users join via email link and set their own password
- Last login tracking and full user lifecycle management including deletion
- Row-level security enforced at the database layer for every role
Notifications & Alerts
Automated alerts keep your team on top of every risk, audit, and deadline — so nothing falls through the cracks between compliance cycles.
- Instant alerts: risk created, assigned, level changed, status updated
- Overdue remediation cron — daily 9 AM digest of tasks past their due date
- Audit lifecycle alerts: assigned, completed, and compliance reminders
- Manual reminder buttons on any risk or audit for ad-hoc nudges
Built to work together
Every feature feeds the next
Risks link to controls. Controls link to evidence. Evidence feeds the audit report. The AI Advisor reads it all. This isn't a collection of tools — it's a single compliance workflow.
Ready to get audit-ready?
Book a 30-minute demo and see how RiskGuard can get your startup compliant — without the consultant fees.