Information security

With an Information Security Management System (ISMS), you can demonstrate that you handle information security with care and that you safeguard the confidentiality, integrity and availability of business-critical information. A digital file with reversed burden of proof. Requirements laid down in ISO 27001 and BIG.


Information Security Management System

With the Information Security Management System module, you create a management system that maps out your information security risks (Compliance and/or Risk) in a structured and clear manner. From specific dashboards and reports for certifying bodies to functionality based on Plan-Do-Check-Act are available, including ready to go content such as standards and example measures.

Management at different levels

The system recognises three levels of users: task managers, expert users and management users. Task managers are burdened as little as possible with matters that are not part of their core tasks. The expert users, often the owners of the management systems, are provided with all the functionality they need to be able to carry out their work.


The heart of the management software is based on the PDCA cycle. This integrates the control of all implemented measures and management systems into one complete system. The planning of the measure implementations (Plan), the implementation of solutions (Do), the execution of controls (Check) and the follow-up of improvement actions from checks, internal and external audits (Act).

Demo or request a quote?


With GRCcontrol you anticipate current risks and take appropriate safety measures.


For audit planning including automatic and periodic audits, as well as registration of external audits and registration and handling of improvement tasks.

Raporting System

Comes with various standard reports with the possibility to build your own reports.


For management, specialists and employees, up-to-date insight into your compliance (per organization (part), standard, process, means), risks, incidents and (internal/external) audit findings.

Ready to go

Numerous standards frameworks including best-practice measures mapping, numerous risks/threats set(s) including best-practice measures mapping, examples of questionnaires and registers, reporting and dashboarding.


2-factor authentication on login and encrypted traffic for secure communication and data storage in a certified data centre.


Management system for granting authorisations.


Access control based on individuals and functions including AD linking capabilities.


For recording the execution of successive activities.

Document Management

For recording and distribution of documentation and burden of proof. Includes expiration dates and e-mail notification.


NL, UK, FR and GE


Access control based on individuals, roles and functions including AD/FD linking capabilities.

Incident management

Incident management, including registration and handling by means of protocols (work processes) that can be set up entirely according to your own working method.