Developer Documentation

Compliance Intelligence API

Free, read-only JSON API for PCI DSS compliance benchmark intelligence. No auth required. Access maturity scores, audit hours, remediation delays, automation rates, and compliance costs across 7 industries and 22 countries.

No Auth Required | Rate: 1,000 req/day | k-Anonymity Protected | JSON + CORS
Base URL: https://grctrack.io/api/intelligence

Data source: GRCTrack Benchmark Network — 4,721 programmes, 7 industries, 22 countries. All values are anonymised aggregates protected by k-anonymity (k ≥ 5). Updated monthly.

Endpoints

All endpoints accept GET requests and return application/json. Optional query parameters can filter results by industry or framework.

| Endpoint | Method | Query Params | Description |
| --- | --- | --- | --- |
| /maturity-index | GET | none | Cross-industry PCI DSS maturity scores with percentile breakdowns and year-over-year deltas. |
| /industry-benchmarks | GET | industry? | Full benchmark metrics per industry: maturity, audit hours, cost, automation rate, and remediation days. |
| /audit-hours | GET | industry? | Audit hours benchmarks broken down by industry and compliance framework. |
| /remediation-delays | GET | industry? | Remediation delay benchmarks including best-in-class, worst-in-class, and per-industry trends. |
| /automation-adoption | GET | industry? | Automation rate trends from 2020 to 2026 across 7 industries with year-over-year growth data. |
| /compliance-cost | GET | industry?, framework? | Compliance cost breakdown by industry and framework, including component-level cost allocation. |
| /framework-benchmarks | GET | framework? | Benchmark data across PCI DSS v4, ISO 27001:2022, and SOC 2 Type II frameworks. |

Endpoint Reference

GET https://grctrack.io/api/intelligence/maturity-index

Cross-industry PCI DSS maturity scores with percentile breakdowns and year-over-year deltas.

Example Request

curl https://grctrack.io/api/intelligence/maturity-index

Example Response

    {
      "generatedAt": "2026-03-08T00:00:00.000Z",
      "source": "GRCTrack Benchmark Network — 4,721 compliance programmes, 7 industries, 22 countries",
      "methodology": "Aggregated from voluntary benchmark submissions...",
      "crossIndustryAvg": 58,
      "industries": [
        {
          "industry": "fintech",
          "displayName": "FinTech",
          "maturityScore": 68,
          "percentile25": 55,
          "percentile75": 78,
          "percentile90": 84,
          "yoyDelta": 3,
          "tier": "Developing",
          "sampleSize": 810
        },
        {
          "industry": "saas",
          "displayName": "SaaS",
          "maturityScore": 65,
          "percentile25": 52,
          "percentile75": 75,
          "percentile90": 81,
          "yoyDelta": 4,
          "tier": "Developing",
          "sampleSize": 920
        }
        // ... 5 more industries
      ]
    }

GET https://grctrack.io/api/intelligence/industry-benchmarks

Full benchmark metrics per industry: maturity, audit hours, cost, automation rate, and remediation days.

Query Parameters

industry?

Example Request

curl "https://grctrack.io/api/intelligence/industry-benchmarks?industry=fintech"

GET https://grctrack.io/api/intelligence/audit-hours

Audit hours benchmarks broken down by industry and compliance framework.

Query Parameters

industry?

Example Request

curl "https://grctrack.io/api/intelligence/audit-hours?industry=fintech"

GET https://grctrack.io/api/intelligence/remediation-delays

Remediation delay benchmarks including best-in-class, worst-in-class, and per-industry trends.

Query Parameters

industry?

Example Request

curl "https://grctrack.io/api/intelligence/remediation-delays?industry=fintech"

GET https://grctrack.io/api/intelligence/automation-adoption

Automation rate trends from 2020 to 2026 across 7 industries with year-over-year growth data.

Query Parameters

industry?

Example Request

curl "https://grctrack.io/api/intelligence/automation-adoption?industry=fintech"

GET https://grctrack.io/api/intelligence/compliance-cost

Compliance cost breakdown by industry and framework, including component-level cost allocation.

Query Parameters

industry?, framework?

Example Request

curl "https://grctrack.io/api/intelligence/compliance-cost?industry=fintech&framework=PCI_DSS_v4"

Example Response

    {
      "generatedAt": "2026-03-08T00:00:00.000Z",
      "crossIndustryAvgUSD": 169143,
      "byIndustry": [
        { "industry": "fintech", "costUSD": 120000, "trend": -5, "framework": "PCI DSS v4.0.1" },
        { "industry": "saas", "costUSD": 98000, "trend": -7, "framework": "PCI DSS v4.0.1" }
        // ... 5 more industries
      ],
      "breakdown": [
        { "component": "QSA / Audit Fees", "pct": 40, "avgUSD": 67657 },
        { "component": "Remediation / Tooling", "pct": 35, "avgUSD": 59200 },
        { "component": "Internal Labour", "pct": 25, "avgUSD": 42286 }
      ]
    }

GET https://grctrack.io/api/intelligence/framework-benchmarks

Benchmark data across PCI DSS v4, ISO 27001:2022, and SOC 2 Type II frameworks.

Query Parameters

framework?

Example Request

curl "https://grctrack.io/api/intelligence/framework-benchmarks?industry=fintech&framework=PCI_DSS_v4"

Industry Filter Values

Pass as ?industry= query parameter

fintech, saas, financial-services, healthcare, ecommerce, retail, hospitality

Framework Filter Values

Pass as ?framework= query parameter

PCI_DSS_v4, ISO_27001_2022, SOC_2_Type_II

Rate Limits & Data Policy

Rate Limit

1,000 requests / day

Per IP address. No account required. Exceeding the limit returns HTTP 429.

Authentication

None required

All endpoints are publicly accessible. No API key, no sign-up, no OAuth.

CORS

Enabled (all origins)

Cross-Origin Resource Sharing is enabled. Call the API directly from browser JavaScript.

Data Freshness

Monthly updates

Benchmark data is refreshed every month from the GRCTrack network. Each response includes a generatedAt timestamp.

Privacy Model

k-Anonymity (k ≥ 5)

No individual organisation data is exposed. All values are cross-organisation aggregates meeting k-anonymity standards.

Format

JSON (UTF-8)

Content-Type: application/json. All numeric fields use standard JSON numbers. Dates are ISO 8601 UTC strings.

TypeScript Types

All response shapes are defined in the GRCTrack open-source type definitions.

    // MaturityIndexResponse — GET /maturity-index
    interface MaturityIndexResponse {
      generatedAt: string; // ISO 8601 UTC
      source: string;
      methodology: string;
      crossIndustryAvg: number; // 0-100 maturity score
      industries: IndustryMaturityRecord[];
    }

    interface IndustryMaturityRecord {
      industry: string; // e.g. "fintech"
      displayName: string; // e.g. "FinTech"
      maturityScore: number; // 0-100
      percentile25: number;
      percentile75: number;
      percentile90: number;
      yoyDelta: number; // year-over-year change (points)
      tier: 'Advanced' | 'Developing' | 'Foundational';
      sampleSize: number;
    }

    // ComplianceCostResponse — GET /compliance-cost
    interface ComplianceCostResponse {
      generatedAt: string;
      crossIndustryAvgUSD: number;
      byIndustry: {
        industry: string;
        costUSD: number;
        trend: number; // % change YoY
        framework: string;
      }[];
      breakdown: {
        component: string; // "QSA / Audit Fees" | "Remediation / Tooling" | "Internal Labour"
        pct: number; // percentage of total cost
        avgUSD: number;
      }[];
    }
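A consumer-side check for the /maturity-index shape documented above, as an added example that is not GRCTrack's code: because the API is unauthenticated and called cross-origin, the parsed body is treated as untrusted input. Reading sampleSize as the k-anonymity group size, the 45-day staleness window, and the slug pattern for industry are assumptions of this example.

```javascript
// Added example (not GRCTrack code): check a /maturity-index body before use.
const TIERS = new Set(["Advanced", "Developing", "Foundational"]);
const K_MIN = 5;          // page: k-anonymity (k >= 5)
const MAX_AGE_DAYS = 45;  // assumption: monthly refresh plus two weeks of slack
const ISO_UTC = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$/;
const SLUG = /^[a-z-]+$/; // assumption: industry ids look like "financial-services"
const isScore = (v) => Number.isFinite(v) && v >= 0 && v <= 100;

function validateMaturityIndex(body, now = new Date()) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return ["body is not a JSON object"];
  }
  const errors = [];
  const okTs = typeof body.generatedAt === "string" && ISO_UTC.test(body.generatedAt);
  const ts = okTs ? Date.parse(body.generatedAt) : NaN;
  if (Number.isNaN(ts)) errors.push("generatedAt is not an ISO 8601 UTC string");
  else if ((now.getTime() - ts) / 86400000 > MAX_AGE_DAYS) errors.push("generatedAt is stale");
  if (!isScore(body.crossIndustryAvg)) errors.push("crossIndustryAvg outside 0-100");
  if (!Array.isArray(body.industries)) return errors.concat("industries is not an array");
  body.industries.forEach((rec, i) => {
    const at = `industries[${i}]`;
    if (rec === null || typeof rec !== "object") return errors.push(`${at} is not an object`);
    if (typeof rec.industry !== "string" || !SLUG.test(rec.industry)) errors.push(`${at}.industry is not a slug`);
    if (typeof rec.displayName !== "string") errors.push(`${at}.displayName is not a string`);
    for (const f of ["maturityScore", "percentile25", "percentile75", "percentile90"]) {
      if (!isScore(rec[f])) errors.push(`${at}.${f} outside 0-100`);
    }
    if (!(rec.percentile25 <= rec.percentile75 && rec.percentile75 <= rec.percentile90)) {
      errors.push(`${at} percentiles are not ordered`);
    }
    if (!TIERS.has(rec.tier)) errors.push(`${at}.tier is not a documented value`);
    // Assumption: sampleSize is the number of programmes behind the aggregate.
    if (!Number.isInteger(rec.sampleSize) || rec.sampleSize < K_MIN) {
      errors.push(`${at}.sampleSize below k=${K_MIN}`);
    }
  });
  return errors;
}

// Constructed sample: the record is copied from the page's example response.
const GOOD = { generatedAt: "2026-03-08T00:00:00.000Z", crossIndustryAvg: 58, industries: [
  { industry: "fintech", displayName: "FinTech", maturityScore: 68, percentile25: 55,
    percentile75: 78, percentile90: 84, yoyDelta: 3, tier: "Developing", sampleSize: 810 } ] };
// Constructed bad record: score out of range, unknown tier, group smaller than k.
const BAD = { ...GOOD, industries: [
  { ...GOOD.industries[0], maturityScore: 168, tier: "Elite", sampleSize: 3 } ] };
const AS_OF = new Date("2026-03-20T00:00:00Z"); // fixed clock so the demo is repeatable
console.log(validateMaturityIndex(GOOD, AS_OF), validateMaturityIndex(BAD, AS_OF));
```

In a browser, run it on the parsed fetch() result and write displayName to the page with textContent rather than innerHTML.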

Related Resources

Benchmark Tool

Interactive compliance benchmark tool. Compare your programme against industry peers.

Data Sources

Methodology and data sources behind the GRCTrack benchmark network.

Maturity Index

Full PCI DSS maturity index with industry rankings and trend analysis.

Data Syndication

Embed GRCTrack intelligence in your own platform via widgets or white-label data.