Question 1

What compliance frameworks does GRCTrack support?

Accepted Answer

GRCTrack supports 10 compliance frameworks: PCI DSS 4.0.1 (322 controls), ISO 27001:2022 (93 controls), SOC 2 Type II (64 controls), HIPAA Security (45 controls), GDPR 2016/679 (99 controls), NIST CSF 2.0 (106 controls), NIS2 Directive (21 controls), SWIFT CSP 2024 (32 controls), Cyber Essentials UK (5 controls), and CE Plus UK (5 controls).

Question 2

How is GRCTrack different from Vanta, Drata, and Sprinto?

Accepted Answer

GRCTrack is the only compliance platform built by qualified security assessors (QSAs). It features 6 dedicated portals, 7 AI intelligence engines, 53 drag-and-drop dashboard widgets, 15 granular RBAC roles, 10 visual themes, 11 languages, and support for niche frameworks like SWIFT CSP, NIS2, and Cyber Essentials that no competitor covers. Starting at £999/year vs $6,000+ for alternatives.

Question 3

What are the 7 AI intelligence engines?

Accepted Answer

Flo — conversational AI assistant; FloAva — contextual guidance alongside controls; Policy Copilot — AI policy document generation; Evidence Intelligence — automatic categorisation and framework mapping; Remediation Intelligence — prioritised ticket creation with Jira/ServiceNow integration; Architecture Intelligence — AI-powered network diagram generation; Human Risk Intelligence — employee risk scoring and behavioural analytics.

Question 4

What are the 6 portals?

Accepted Answer

QSA Admin Portal for multi-client assessment management; Merchant Portal for self-service compliance; Acquirer Command Center for portfolio-wide visibility; Auditor Portal for assessment execution; Client Portal for stakeholder tracking; Partner Portal for MSSPs with white-label and revenue sharing.

Question 5

Does GRCTrack include security awareness training?

Accepted Answer

Yes. GRCTrack includes a full Training & Awareness Governance module aligned to PCI DSS Requirement 12.6. Features include mandatory course assignment, interactive quizzes, certification tracking, policy acknowledgement with digital signatures, and one-click audit evidence export. It also includes AI phishing simulation with campaign scheduling, behavioural analytics, and automated remediation.

Question 6

What is the CISO Command Centre?

Accepted Answer

The CISO Command Centre is an executive dashboard providing real-time visibility across human risk scores, training completion, policy governance, privileged user exposure, departmental risk heatmaps, and awareness maturity metrics — all in a single pane of glass designed for security leadership.

Question 7

Can I customise dashboards and themes?

Accepted Answer

Yes. GRCTrack offers 53 drag-and-drop dashboard widgets with role-aware sizing. You can choose from 10 visual themes (Pearl, Arctic, Slate, Rosé, Obsidian, Midnight, Ember, Forest, Aurora, System) and configure white-label branding with custom logos, colours, and domains.

Question 8

Is there a free trial?

Accepted Answer

Yes. All multi-framework plans include a free trial — no credit card required. SAQ-A plans include a 30-day money-back guarantee. Enterprise customers can schedule a personalised demo first.

Feature	GRCTrack	Vanta	Drata	Secureframe	Sprinto	AuditBoard
PCI DSS SupportDepth of PCI DSS v4.0.1 requirement mapping and assessment workflows
PCI DSS v4.0.1 full mapping All 12 requirements with sub-requirement detail	✅ Built by QSAs with assessment-grade requirement mapping	◐	◐	◐	◐	◐
SAQ-specific workflows Tailored workflows per SAQ type (A, A-EP, B, C, D)	✅ Only platform with SAQ-specific guided workflows	✗	✗	◐	✗	✗
Evidence per control Evidence collection mapped to individual controls	✅ Evidence auto-categorised across 8 types with assessor notes	◐	◐	◐	◐	✅
Breach case study library Real-world breach analysis mapped to requirements	✅ Unique educational resource for security teams	✗	✗	✗	✗	✗
Multi-FrameworkNumber of compliance frameworks supported with control mapping
Frameworks supported Total number of compliance frameworks	✅ 10 frameworks with PCI DSS as primary focus	✅	✅	✅	✅	✅
Cross-framework mapping Shared control identification across frameworks	✅ Control overlap matrix for multi-framework efficiency	✅	✅	◐	◐	✅
QSA MarketplaceIntegrated marketplace for finding and engaging QSAs
Integrated QSA directory Browse and compare QSA firms	✅ Only platform with built-in QSA marketplace	✗	✗	✗	✗	✗
AI-powered QSA matching Automated matching based on requirements	✅ AI considers SAQ type, industry, region, and budget	✗	✗	✗	✗	✗
In-platform quote requests Request and compare quotes without leaving the platform	✅	✗	✗	✗	✗	✗
Training & AwarenessBuilt-in security awareness training with LMS capabilities
Built-in LMS Security awareness training courses	✅ Full LMS with courses, assignments, certificates, and tracking	◐	✗	◐	✗	✗
PCI-specific training Training content mapped to PCI DSS requirements	✅ Requirement-mapped training with evidence integration	✗	✗	✗	✗	✗
Phishing SimulationBuilt-in phishing simulation campaigns and analytics
Phishing campaigns Create and manage phishing simulation campaigns	✅ AI-powered campaign creation with analytics dashboard	✗	✗	✗	✗	✗
Human risk scoring Per-employee risk scores based on behaviour	✅ Integrated with compliance posture for holistic risk view	✗	✗	✗	✗	✗
AI-Powered ComplianceAI engines for evidence, policy, remediation, and guidance
AI assistant Conversational AI for compliance guidance	✅ 7 specialised AI engines vs single general-purpose AI	✅	◐	◐	◐	✗
AI policy generation Automated security policy creation	✅ Policy Copilot generates PCI-specific policies with requirement mapping	◐	◐	◐	◐	✗
AI evidence categorisation Automatic classification of uploaded evidence	✅	◐	◐	✗	✗	✗
White-Label / AcquirerMulti-tenant white-label and acquirer portfolio management
White-label branding Custom branding for resellers and partners	✅ Full white-label with custom domain, logos, and colours	✗	✗	✗	✗	◐
Acquirer portal Portfolio management for acquiring banks	✅ Purpose-built acquirer command centre with portfolio intelligence	✗	✗	✗	✗	✗
Multi-tenant architecture Isolated environments per organisation	✅	✅	✅	✅	✅	✅
Pricing ModelStarting price and pricing transparency
Starting price Lowest plan price per year	✅ From $149/year vs $4,000-$6,000+/year for competitors	◐	◐	◐	◐	◐
Transparent pricing Published pricing without sales call required	✅ Published SAQ plans from $149/year	✗	✗	✗	◐	✗
Evidence AutomationAutomated evidence collection and management
Integration-based collection Pull evidence from cloud providers and tools	✅	✅	✅	✅	✅	◐
Manual evidence upload Upload and categorise evidence manually	✅	✅	✅	✅	✅	✅
Evidence validity tracking Track evidence expiry and renewal	✅ Automated expiry alerts with re-collection workflows	◐	◐	◐	◐	◐
Risk IntelligenceRisk scoring, dashboards, and continuous monitoring
Continuous monitoring Real-time compliance posture tracking	✅	✅	✅	✅	✅	◐
CISO dashboard Executive risk dashboard with KPIs	✅ Dedicated CISO Command Centre with risk scoring and posture intelligence	◐	◐	✗	✗	✅

PCI Compliance Platform Comparison

Platforms Compared

GRCTrack

Vanta

Drata

Secureframe

Sprinto

AuditBoard

Feature-by-Feature Comparison

Ready to see GRCTrack in action?

Frequently Asked Questions