Question 1

What compliance frameworks does GRCTrack support?

Accepted Answer

GRCTrack supports 10 compliance frameworks: PCI DSS 4.0.1 (322 controls), ISO 27001:2022 (93 controls), SOC 2 Type II (64 controls), HIPAA Security (45 controls), GDPR 2016/679 (99 controls), NIST CSF 2.0 (106 controls), NIS2 Directive (21 controls), SWIFT CSP 2024 (32 controls), Cyber Essentials UK (5 controls), and CE Plus UK (5 controls).

Question 2

How is GRCTrack different from Vanta, Drata, and Sprinto?

Accepted Answer

GRCTrack is the only compliance platform built by qualified security assessors (QSAs). It features 6 dedicated portals, 7 AI intelligence engines, 53 drag-and-drop dashboard widgets, 15 granular RBAC roles, 10 visual themes, 11 languages, and support for niche frameworks like SWIFT CSP, NIS2, and Cyber Essentials that no competitor covers. Starting at £999/year vs $6,000+ for alternatives.

Question 3

What are the 7 AI intelligence engines?

Accepted Answer

Flo — conversational AI assistant; FloAva — contextual guidance alongside controls; Policy Copilot — AI policy document generation; Evidence Intelligence — automatic categorisation and framework mapping; Remediation Intelligence — prioritised ticket creation with Jira/ServiceNow integration; Architecture Intelligence — AI-powered network diagram generation; Human Risk Intelligence — employee risk scoring and behavioural analytics.

Question 4

What are the 6 portals?

Accepted Answer

QSA Admin Portal for multi-client assessment management; Merchant Portal for self-service compliance; Acquirer Command Center for portfolio-wide visibility; Auditor Portal for assessment execution; Client Portal for stakeholder tracking; Partner Portal for MSSPs with white-label and revenue sharing.

Question 5

Does GRCTrack include security awareness training?

Accepted Answer

Yes. GRCTrack includes a full Training & Awareness Governance module aligned to PCI DSS Requirement 12.6. Features include mandatory course assignment, interactive quizzes, certification tracking, policy acknowledgement with digital signatures, and one-click audit evidence export. It also includes AI phishing simulation with campaign scheduling, behavioural analytics, and automated remediation.

Question 6

What is the CISO Command Centre?

Accepted Answer

The CISO Command Centre is an executive dashboard providing real-time visibility across human risk scores, training completion, policy governance, privileged user exposure, departmental risk heatmaps, and awareness maturity metrics — all in a single pane of glass designed for security leadership.

Question 7

Can I customise dashboards and themes?

Accepted Answer

Yes. GRCTrack offers 53 drag-and-drop dashboard widgets with role-aware sizing. You can choose from 10 visual themes (Pearl, Arctic, Slate, Rosé, Obsidian, Midnight, Ember, Forest, Aurora, System) and configure white-label branding with custom logos, colours, and domains.

Question 8

Is there a free trial?

Accepted Answer

Yes. All multi-framework plans include a free trial — no credit card required. SAQ-A plans include a 30-day money-back guarantee. Enterprise customers can schedule a personalised demo first.

Industry	Maturity	Annual Cost	Audit Hours	Remediation
FinTech	72/100	$98k	620h	5.8d
SaaS	70/100	$85k	590h	5.6d
Financial Services	68/100	$210k	1,080h	7.2d
Healthcare	62/100	$165k	880h	8.1d
eCommerce	61/100	$130k	780h	7.6d
Retail	55/100	$148k	850h	9.0d
Hospitality	49/100	$155k	920h	10.2d

Metric	ISO 27001	PCI DSS
Avg Maturity	62/100	58/100
Avg Annual Cost	$142k	$169k
Avg Audit Hours	820h	953h
Avg Remediation	7.4d	8.0d
Automation Rate	51%	54%
Sample Size	2,100+	4,700+

ISO 27001 Compliance Benchmark 2026

ISO 27001 Maturity by Industry

ISO 27001 vs PCI DSS — Benchmark Comparison

ISO 27001 Automation Adoption (2020–2026)

Key Benchmark Insights

Frequently Asked Questions

How much does ISO 27001 compliance cost on average?

How long does ISO 27001 implementation take?

What does ISO 27001 maturity mean?

How does ISO 27001 differ from PCI DSS?

Related Intelligence