Continuous Compliance

At CompLions-GRC, efficiency comes first. API links offer the possibility of exchanging relevant information with the current application landscape. This can include incidents and measures, including the status, follow-up and associated burden of proof. Proven integration with Microsoft Power BI, NETWRIX and MATRIX42.


Real-time insight into relevant (control) information from one GRC platform,
that is what we call Continuous Compliance.


In many organizations, from small to large, we have recently seen the following developments:


  • For most organizations, a quarter or more of the (information) security budgets are already deployed about the growing compliance obligations and/or certification objectives.

  • Compliance offers opportunities and threats: many companies now see compliance as a financial necessity.

  • Efficiency and cost limitation are the drivers for setting up and deploying Integrated Risk Management (IRM) software tooling.


Those who apply innovative approaches, such as IRM software, for example, see a 40% to 50% reduction in cost increase. This is comparable to the fact that one would continue to work with numerous ‘personal’ spreadsheets and documents in addition to numerous self-contained ‘point solutions’ based on one aspect of the whole, such as functionality for (internal) audit, privacy compliance, health safety & environment compliance, information security or quality.


At CompLions-GRC efficiency, cost reduction and cost savings are paramount. We distinguish two core areas to achieve this or to pursue it together with you.

1. Map Once, Comply (Proof) to Many

Many compliance and/or certification requirements include many relationships and overlapping requirements. With our GRCcontrol software, you can first integrate these frameworks into one management system. The unique proprietary concept of ‘Map Once, Comply to Many' ensures that all overlapping requirements are deduplicated in advance. Also, the system ensures that this measure only has to be implemented once for a process, asset or objective. This unique functionality can lead to work and/or time savings of up to 70% on your entire compliance processes.

2. Continuous Compliance - Compliance on demand

This truth is the vision that GRCcontrol puts into practice together with our customers and our partners.
GRCcontrol uses the 'best of breed' or 'best of features' principle based on the platform concept of CompLions-GRC. The advantages are simple and above all pragmatic.

Think from a platform (API) idea, that your current or future ITSM, SIEM, HSE, QA apps or tooling exchange all kinds of relevant Governance, Risk or Compliance data with our GRCcontrol platform.
This reduces concerns about "duplicate" registrations, task entry, incident entry, the demonstrable burden of proof of many systems and more.


We do this with proven integration such as: Microsoft Power BI, NETWRIX en MATRIX42.


Umbrella IT management platform
Automated service & asset management
Offensive & Defensive IT Security
API connectors and workflow suite
The best of both worlds: 'old & cloud'
One overarching European system for many solutions
Automated IT tasks and processes


Netwrix Auditor helps to implement a secure, data-centric approach. Automatic identification and classification of business-critical information in unstructured and structured environments (on-premise and in the cloud) reduces risk and speeds up the detection of suspicious behavior. In this way, well-considered anticipation can be made to prevent a data leak and both the data and the backbone systems are protected.

Do you want more information, request here for the whitepaper


With GRCcontrol you anticipate current risks and take appropriate safety measures.


For audit planning including automatic and periodic audits, as well as registration of external audits and registration and handling of improvement tasks.

Raporting System

Comes with various standard reports with the possibility to build your own reports.


For management, specialists and employees, up-to-date insight into your compliance (per organization (part), standard, process, means), risks, incidents and (internal/external) audit findings.

Ready to go

Numerous standards frameworks including best-practice measures mapping, numerous risks/threats set(s) including best-practice measures mapping, examples of questionnaires and registers, reporting and dashboarding.


2-factor authentication on login and encrypted traffic for secure communication and data storage in a certified data centre.


Management system for granting authorisations.


Access control based on individuals and functions including AD linking capabilities.


For recording the execution of successive activities.

Document Management

For recording and distribution of documentation and burden of proof. Includes expiration dates and e-mail notification.


NL, UK, FR and GE


Access control based on individuals, roles and functions including AD/FD linking capabilities.

Incident management

Incident management, including registration and handling by means of protocols (work processes) that can be set up entirely according to your own working method.