KPMG and CompLions have joined forces to achieve your GRC goals and obligations so that you meet the WBNI (Cybersecurity). GRC-Control offers the management system and KPMG offers you the WBNI standards framework, including design and implementation.



The Network and Information Systems Security Act (Wbni) has been in force since November 2018. The expanded and updated version of the former Cyber Security Act. Providers of essential services and digital service providers must comply with it. In this way, the government tries to increase digital resilience and limit the consequences of cyber incidents. For example, there is a duty of notification and a duty of care.


In the Wbni, the European NIS directive is transposed into Dutch law. The aim is for member states to improve their digital resilience and to cooperate better with each other, so that Europe becomes digitally safer. With our software focused on information security and privacy compliance, we offer you - together with our partner KPMG - a complete approach: our smart software and the additional expertise of KPMG. Together we know business processes and risks through and through and are able to translate frameworks into your company and use them properly.

Demo or request a quote?


With GRCcontrol you anticipate current risks and take appropriate safety measures.


For audit planning including automatic and periodic audits, as well as registration of external audits and registration and handling of improvement tasks.

Raporting System

Comes with various standard reports with the possibility to build your own reports.


For management, specialists and employees, up-to-date insight into your compliance (per organization (part), standard, process, means), risks, incidents and (internal/external) audit findings.

Ready to go

Numerous standards frameworks including best-practice measures mapping, numerous risks/threats set(s) including best-practice measures mapping, examples of questionnaires and registers, reporting and dashboarding.


2-factor authentication on login and encrypted traffic for secure communication and data storage in a certified data centre.


Management system for granting authorisations.


Access control based on individuals and functions including AD linking capabilities.


For recording the execution of successive activities.

Document Management

For recording and distribution of documentation and burden of proof. Includes expiration dates and e-mail notification.


NL, UK, FR and GE


Access control based on individuals, roles and functions including AD/FD linking capabilities.

Incident management

Incident management, including registration and handling by means of protocols (work processes) that can be set up entirely according to your own working method.