The lack of the right papers, read for example ISO certifications and/or TPM statements, has become a commonly used knock-out criterion for the markets in order to:
- To purchase the services of your organization;
- Work together with your organization;
- (value) Is decisive for mergers and acquisitions.

In short, with the right certification you can appeal to large clients. In the meantime, more than 150 customers have obtained and maintained various certifications with GRCcontrol.



“If we have to go back to separate spreadsheets, we'll lose twice as much time. The GDPR entitles people to insight and audits. GRCcontrol offers us continuous insight into whether we are in control!”

Amphia Hospitals

"Excel does nothing for an organization, or for me as a CISO/DPO. It does not offer a real-time overview for management. With the help of GRCcontrol you are guided through the required demonstrable process assurance. We notice this especially in the structured and manageable execution of the guidance in the internal testing. Excel does nothing!"


"As a healthcare organization, we must comply with quite a few rules and standards in the field of privacy and information security. GRCcontrol is very complete and guides you through the approach, as it were. In this tool you can actually put in everything in the field of privacy and information security, which gives you a good overview, has a grip on your PDCA cycle and is a central place for accountability/documentation. The GDPR and NEN standards partly overlap. If we comply with a measure from this overlap, we can comply with both the relevant rule from the GDPR and the relevant NEN standard (map once, comply to many)".

DUO | Ministry of OCW

"The structure that GRCcontrol offers forms the basis for DUO to set up an efficient and effective compliance management process".


"Every township has to deal with standards, whether mandatory or not, such as the Baseline Information Security Government (BIO). In doing so, you look for a means that can best support the implementation and assurance. The township Tholen has opted for GRCcontrol from CompLions because this tool is best suited to our demand and need, is flexible and versatile and has different angles of approach. I can now fully focus on the coordination of the process without running up against limitations".


"GRCcontrol is a living tool that is indispensable within our organization. The tool has helped us to organize our affairs and keeps an eye on everything. Because CompLions has been in the industry for a number of years, they have a good lead over the rest, they continue to innovate! We can recommend GRCcontrol to everyone!

Vechtdal College

"GRCcontrol has been the golden opportunity for us to get a good overview of all kinds of things that had to be arranged in the school and around the GDPR. Bringing together and understanding what we have is one of the most important things within GRCcontrol for me. The system helps me to remind me with push mails when something falls short. I no longer have to think and go through lists to see whether something is still correct or not. You make a note of it and you put it away in GRCcontrol. The system then goes to work for me and keeps track of it. GRCcontrol takes care of this for me!"

Demo or request a quote?


With GRCcontrol you anticipate current risks and take appropriate safety measures.


For audit planning including automatic and periodic audits, as well as registration of external audits and registration and handling of improvement tasks.

Raporting System

Comes with various standard reports with the possibility to build your own reports.


For management, specialists and employees, up-to-date insight into your compliance (per organization (part), standard, process, means), risks, incidents and (internal/external) audit findings.

Ready to go

Numerous standards frameworks including best-practice measures mapping, numerous risks/threats set(s) including best-practice measures mapping, examples of questionnaires and registers, reporting and dashboarding.


2-factor authentication on login and encrypted traffic for secure communication and data storage in a certified data centre.


Management system for granting authorisations.


Access control based on individuals and functions including AD linking capabilities.


For recording the execution of successive activities.

Document Management

For recording and distribution of documentation and burden of proof. Includes expiration dates and e-mail notification.


NL, UK, FR and GE


Access control based on individuals, roles and functions including AD/FD linking capabilities.

Incident management

Incident management, including registration and handling by means of protocols (work processes) that can be set up entirely according to your own working method.