
Compliance Risk API

6 REST endpoints for PCI DSS compliance risk intelligence: composite risk scores, anonymised leaderboards, percentile distributions, framework comparisons, YoY trends, and platform-wide statistics.

6 endpoints · No auth required · JSON + CORS · 24h cache · force-dynamic

Endpoint Reference

Base URL: https://grctrack.io

GET /api/intelligence/risk-index

Composite compliance risk scores per industry. Risk score is derived from maturity (40%), remediation days (30%), and automation gap (30%). Returns riskScore (0–100) and riskLevel label.

Query Parameters
Parameter  Type    Values                                                                                Description
industry   string  fintech | saas | financial-services | healthcare | ecommerce | retail | hospitality  Filter to a single industry
Example Response
{
  "generatedAt": "2026-03-08T00:00:00.000Z",
  "crossIndustryAvgRisk": 52,
  "industries": [
    {
      "industry": "hospitality",
      "displayName": "Hospitality",
      "maturity": 47,
      "remDays": 10.4,
      "automation": 35,
      "sampleSize": 590,
      "riskScore": 70,
      "riskLevel": "High"
    },
    {
      "industry": "saas",
      "displayName": "SaaS",
      "maturity": 65,
      "remDays": 5.4,
      "automation": 74,
      "sampleSize": 920,
      "riskScore": 31,
      "riskLevel": "Low-Moderate"
    }
  ]
}
GET /api/intelligence/leaderboards

Top 10 anonymised cohort leaderboard for a given industry and metric. Cohorts are labelled (e.g. "FinTech Cohort A") and include vsIndustryAvg delta percentage.

Query Parameters
Parameter  Type    Values                                              Description
industry   string  fintech | saas | retail | ...                       Industry to rank (default: fintech)
metric     string  maturity | cost | hours | automation | remediation  Metric to rank by (default: maturity)
Example Response
{
  "generatedAt": "2026-03-08T00:00:00.000Z",
  "industry": "saas",
  "metric": "automation",
  "leaderboard": [
    {
      "rank": 1,
      "cohortLabel": "Saas Cohort A",
      "score": 94,
      "vsIndustryAvg": 27,
      "metric": "automation",
      "industry": "saas"
    }
  ]
}
GET /api/intelligence/benchmark-network

Maturity score percentile distribution (P10/P25/P50/P75/P90) across the GRCTrack benchmark network. Includes cross-network aggregated percentiles and per-industry breakdown.

Query Parameters
Parameter  Type    Values                  Description
industry   string  fintech | retail | ...  Filter to a single industry
Example Response
{
  "generatedAt": "2026-03-08T00:00:00.000Z",
  "metric": "maturity_score",
  "crossNetworkPercentiles": {
    "p10": 35, "p25": 45, "p50": 58,
    "p75": 68, "p90": 76
  },
  "industries": [
    {
      "industry": "fintech",
      "p10": 45, "p25": 55, "p50": 68,
      "p75": 78, "p90": 84,
      "sampleSize": 810
    }
  ]
}
GET /api/intelligence/framework-comparison

Side-by-side compliance framework benchmark comparison: PCI DSS v4.0.1, ISO 27001:2022, SOC 2 Type II. Returns maturity, cost, audit hours, remediation days, automation rate, certification body, and sample size.

Query Parameters
Parameter  Type    Values                                        Description
framework  string  PCI_DSS_v4 | ISO_27001_2022 | SOC_2_Type_II  Filter to a single framework
Example Response
{
  "frameworks": [
    {
      "framework": "PCI_DSS_v4",
      "displayName": "PCI DSS v4.0.1",
      "avgMaturity": 58,
      "avgCostUSD": 169143,
      "avgAuditHours": 953,
      "avgRemediationDays": 8.0,
      "avgAutomationRate": 55,
      "certificationBody": "PCI SSC (QSA/ISA)",
      "sampleSize": 4721
    }
  ]
}
GET /api/intelligence/industry-trends

Year-over-year trend data from 2020 to 2026 per industry. Returns a trend array with one value per year and a YoY growth rate for the latest period.

Query Parameters
Parameter  Type    Values                                    Description
industry   string  fintech | healthcare | ...                Filter to a single industry
metric     string  maturity | automation | cost | auditHours  Trend metric (default: all)
Example Response
{
  "yearRange": "2020-2026",
  "trends": [
    {
      "industry": "fintech",
      "displayName": "FinTech",
      "metric": "automation",
      "unit": "% adoption",
      "yoyGrowth": 15.1,
      "trend": [
        { "year": 2020, "value": 40 },
        { "year": 2021, "value": 51 },
        { "year": 2026, "value": 95 }
      ]
    }
  ]
}
GET /api/intelligence/compliance-statistics

Top-level summary statistics for the entire GRCTrack benchmark network. Single object — no query parameters. Useful for dashboards and summary widgets.

Example Response
{
  "generatedAt": "2026-03-08T00:00:00.000Z",
  "totalProgrammes":    4721,
  "industries":         7,
  "countries":          22,
  "avgMaturity":        58,
  "avgAuditHours":      953,
  "avgCostUSD":         169143,
  "avgAutomationRate":  55,
  "avgRemediationDays": 8.0,
  "topIndustry":        "FinTech",
  "bottomIndustry":     "Hospitality",
  "yearDataRange":      "2020-2026"
}

Risk Score Formula

The composite risk score is computed from three weighted components:

riskScore = (100 - maturity)        × 0.40   // Maturity gap
          + (remediationDays / 15 × 100) × 0.30   // Remediation delay
          + (100 - automationRate)       × 0.30   // Automation gap

riskLevel = score >= 65 ? "High"
          : score >= 50 ? "Moderate"
          :               "Low-Moderate"
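
The formula above as a consumer-side consistency check (an added example, not GRCTrack's own code): it validates a risk-index record, recomputes the score from the documented weights, and reports how far the returned riskScore and riskLevel are from the recomputed values. The helper names, the one-point tolerance and the clamp to 0-100 are assumptions; the sample records reuse the values from the example response on this page.

```javascript
// Added example: recompute riskScore from the documented formula and compare
// it with the value a /api/intelligence/risk-index record carries.
const WEIGHTS = { maturity: 0.40, remediation: 0.30, automation: 0.30 };
const REMEDIATION_DIVISOR_DAYS = 15; // divisor used in the documented formula

// Reject missing, non-numeric or out-of-range fields before doing arithmetic;
// the endpoint is unauthenticated, so treat its payload as untrusted input.
function num(record, field, min, max) {
  const v = record[field];
  if (typeof v !== "number" || !Number.isFinite(v) || v < min || v > max) {
    throw new RangeError(`${field} must be a number in [${min}, ${max}]`);
  }
  return v;
}

function computeRisk(record) {
  const maturity = num(record, "maturity", 0, 100);
  const automation = num(record, "automation", 0, 100);
  const remDays = num(record, "remDays", 0, Infinity);
  const raw =
    (100 - maturity) * WEIGHTS.maturity +
    (remDays / REMEDIATION_DIVISOR_DAYS) * 100 * WEIGHTS.remediation +
    (100 - automation) * WEIGHTS.automation;
  // Assumption: clamp to the stated 0-100 range (remDays > 15 can exceed it).
  const score = Math.round(Math.min(100, Math.max(0, raw)) * 10) / 10;
  const level = score >= 65 ? "High" : score >= 50 ? "Moderate" : "Low-Moderate";
  return { score, level };
}

// Hypothetical helper: delta = returned riskScore minus recomputed score.
function checkRecord(record, tolerance = 1) {
  const expected = computeRisk(record);
  const delta = Math.round((num(record, "riskScore", 0, 100) - expected.score) * 10) / 10;
  const consistent =
    Math.abs(delta) <= tolerance && record.riskLevel === expected.level;
  return { industry: record.industry, expected, delta, consistent };
}

// Sample records: values copied from the example response on this page.
const sample = [
  { industry: "hospitality", maturity: 47, remDays: 10.4, automation: 35,
    riskScore: 70, riskLevel: "High" },
  { industry: "saas", maturity: 65, remDays: 5.4, automation: 74,
    riskScore: 31, riskLevel: "Low-Moderate" },
];
for (const r of sample) console.log(JSON.stringify(checkRecord(r)));
```

A record reported as not consistent is one to investigate before it feeds a dashboard or an alert threshold.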