For a simplified, consolidated and effective governance of information security

Our software makes life easy for every information security manager within an organization

With GRACI, you improve your visibility in information security within your company

GRACI is a software platform for Governance, Risk Management, Auditing, Compliance and Security Incidents within an organization.

GRACI Core Modules

Risk Management

Analyze and document your security, third-party and business risks easily with GRACI and get an up-to-date risk register in real time.

Audit Management

Simplify the work of your internal and external auditors by centralizing evidence and sending alerts to key stakeholders.

Compliance Management

Define your standards (e.g., ISO/IEC 27002) and security requirements and match security controls to identify compliance gaps.

Incident Management

Record and manage security incidents and report on the status of incidents in your organization while improving your proactivity.

Information Security Governance

GRACI helps you document and maintain your current or planned security policies, guidelines and controls, as well as the security standards and best practices adopted by your organization. Information security officers (e.g., ROSI, RSI, CISO, etc.) can quickly get a health status of security within their organization.

This health status covers security controls, risks, compliance and incidents.

Risk Management

GRACI helps you document and maintain security risks in your organization. These risks can be identified during security analysis and assessments. Key stakeholders in the risk management process can connect to the platform to record or modify risks. The platform also has features to define the risk criteria

Audit and Compliance Management

GRACI allows you to record all authoritative documents to which your organization is subject and then to identify compliance gaps. You can see your level of compliance against a given authoritative document. An authoritative document may be a standard (e.g., ISO/IEC 27002), a policy, a directive or a registry of security requirements.

Incident Management

GRACI helps you document and maintain security incidents that occur in your organization. At any time, the Incident Management Officer can obtain an inventory of security incidents and their status.