Question 1

What compliance frameworks does GRCTrack support?

Accepted Answer

GRCTrack supports 10 compliance frameworks: PCI DSS 4.0.1 (322 controls), ISO 27001:2022 (93 controls), SOC 2 Type II (64 controls), HIPAA Security (45 controls), GDPR 2016/679 (99 controls), NIST CSF 2.0 (106 controls), NIS2 Directive (21 controls), SWIFT CSP 2024 (32 controls), Cyber Essentials UK (5 controls), and CE Plus UK (5 controls).

Question 2

How is GRCTrack different from Vanta, Drata, and Sprinto?

Accepted Answer

GRCTrack is the only compliance platform built by qualified security assessors (QSAs). It features 6 dedicated portals, 7 AI intelligence engines, 53 drag-and-drop dashboard widgets, 15 granular RBAC roles, 10 visual themes, 11 languages, and support for niche frameworks like SWIFT CSP, NIS2, and Cyber Essentials that no competitor covers. Starting at £999/year vs $6,000+ for alternatives.

Question 3

What are the 7 AI intelligence engines?

Accepted Answer

Flo — conversational AI assistant; FloAva — contextual guidance alongside controls; Policy Copilot — AI policy document generation; Evidence Intelligence — automatic categorisation and framework mapping; Remediation Intelligence — prioritised ticket creation with Jira/ServiceNow integration; Architecture Intelligence — AI-powered network diagram generation; Human Risk Intelligence — employee risk scoring and behavioural analytics.

Question 4

What are the 6 portals?

Accepted Answer

QSA Admin Portal for multi-client assessment management; Merchant Portal for self-service compliance; Acquirer Command Center for portfolio-wide visibility; Auditor Portal for assessment execution; Client Portal for stakeholder tracking; Partner Portal for MSSPs with white-label and revenue sharing.

Question 5

Does GRCTrack include security awareness training?

Accepted Answer

Yes. GRCTrack includes a full Training & Awareness Governance module aligned to PCI DSS Requirement 12.6. Features include mandatory course assignment, interactive quizzes, certification tracking, policy acknowledgement with digital signatures, and one-click audit evidence export. It also includes AI phishing simulation with campaign scheduling, behavioural analytics, and automated remediation.

Question 6

What is the CISO Command Centre?

Accepted Answer

The CISO Command Centre is an executive dashboard providing real-time visibility across human risk scores, training completion, policy governance, privileged user exposure, departmental risk heatmaps, and awareness maturity metrics — all in a single pane of glass designed for security leadership.

Question 7

Can I customise dashboards and themes?

Accepted Answer

Yes. GRCTrack offers 53 drag-and-drop dashboard widgets with role-aware sizing. You can choose from 10 visual themes (Pearl, Arctic, Slate, Rosé, Obsidian, Midnight, Ember, Forest, Aurora, System) and configure white-label branding with custom logos, colours, and domains.

Question 8

Is there a free trial?

Accepted Answer

Yes. All multi-framework plans include a free trial — no credit card required. SAQ-A plans include a 30-day money-back guarantee. Enterprise customers can schedule a personalised demo first.

SAQ Type	Profile	QSA / SAQ	Pen Test	Scanning	Tooling	Staffing	Total / Year
SAQ-A	Small (e-comm, outsourced)	$2k–$8k	$3k–$8k	$1k–$3k	$5k–$15k	$20k–$40k	$31k–$74k
SAQ-D (Merchant)	Mid-market	$8k–$25k	$8k–$20k	$3k–$8k	$20k–$60k	$80k–$150k	$119k–$263k
SAQ-D (SP)	Mid-market SP	$15k–$40k	$12k–$30k	$5k–$12k	$30k–$80k	$100k–$200k	$162k–$362k
Level 1 ROC	Enterprise	$40k–$200k	$20k–$60k	$8k–$25k	$60k–$200k	$200k–$500k	$328k–$985k

PCI Compliance Cost 2026

Cost by SAQ Type (2026)

FAQ

Get Your Personalised Cost Estimate