Tighter quality requirements, standards, legislation and regulations. Have you mapped out everything and - more importantly - can you demonstrate that you work in accordance with the applicable law?



In the financial sector, rules may be imposed by financial supervisors. In other segments, there are organisations such as the Netherlands Competition Authority (NMa), the Financial Supervision Office and the Dutch Data Protection Authority (CPB). Non-compliance is subject to sanctions.

The new privacy law (AVG/GDPR)

The AVG/GDPR imposes a documentation obligation, 'the digital file'. By means of assessments underlying treatment(s), including reversed burden of proof, you can demonstrate that your organisation has taken adequate organisational and technical measures.


The heart of the management software is based on the PDCA cycle. This integrates the control of all implemented measures and management systems into one complete system. It covers the planning of measure implementations (Plan), the implementation of solutions (Do), the execution of controls (Check) and the follow-up of improvement actions from checks and from internal and external audits (Act).



With GRCcontrol you anticipate current risks and take appropriate safety measures.


For audit planning including automatic and periodic audits, as well as registration of external audits and registration and handling of improvement tasks.

Reporting System

Comes with various standard reports with the possibility to build your own reports.


For management, specialists and employees, up-to-date insight into your compliance (per organization (part), standard, process, means), risks, incidents and (internal/external) audit findings.

Ready to go

Numerous standards frameworks including best-practice measures mapping, numerous risks/threats set(s) including best-practice measures mapping, examples of questionnaires and registers, reporting and dashboarding.


2-factor authentication on login and encrypted traffic for secure communication and data storage in a certified data centre.


Management system for granting authorisations.


Access control based on individuals and functions including AD linking capabilities.


For recording the execution of successive activities.

Document Management

For recording and distribution of documentation and burden of proof. Includes expiration dates and e-mail notification.


NL, UK, FR and GE


Access control based on individuals, roles and functions including AD/FD linking capabilities.

Incident management

Incident management, including registration and handling by means of protocols (work processes) that can be set up entirely according to your own working method.