Question 1

What compliance frameworks does GRCTrack support?

Accepted Answer

GRCTrack supports 10 compliance frameworks: PCI DSS 4.0.1 (322 controls), ISO 27001:2022 (93 controls), SOC 2 Type II (64 controls), HIPAA Security (45 controls), GDPR 2016/679 (99 controls), NIST CSF 2.0 (106 controls), NIS2 Directive (21 controls), SWIFT CSP 2024 (32 controls), Cyber Essentials UK (5 controls), and CE Plus UK (5 controls).

Question 2

How is GRCTrack different from Vanta, Drata, and Sprinto?

Accepted Answer

GRCTrack is the only compliance platform built by qualified security assessors (QSAs). It features 6 dedicated portals, 7 AI intelligence engines, 53 drag-and-drop dashboard widgets, 15 granular RBAC roles, 10 visual themes, 11 languages, and support for niche frameworks like SWIFT CSP, NIS2, and Cyber Essentials that no competitor covers. Starting at £999/year vs $6,000+ for alternatives.

Question 3

What are the 7 AI intelligence engines?

Accepted Answer

Flo — conversational AI assistant; FloAva — contextual guidance alongside controls; Policy Copilot — AI policy document generation; Evidence Intelligence — automatic categorisation and framework mapping; Remediation Intelligence — prioritised ticket creation with Jira/ServiceNow integration; Architecture Intelligence — AI-powered network diagram generation; Human Risk Intelligence — employee risk scoring and behavioural analytics.

Question 4

What are the 6 portals?

Accepted Answer

QSA Admin Portal for multi-client assessment management; Merchant Portal for self-service compliance; Acquirer Command Center for portfolio-wide visibility; Auditor Portal for assessment execution; Client Portal for stakeholder tracking; Partner Portal for MSSPs with white-label and revenue sharing.

Question 5

Does GRCTrack include security awareness training?

Accepted Answer

Yes. GRCTrack includes a full Training & Awareness Governance module aligned to PCI DSS Requirement 12.6. Features include mandatory course assignment, interactive quizzes, certification tracking, policy acknowledgement with digital signatures, and one-click audit evidence export. It also includes AI phishing simulation with campaign scheduling, behavioural analytics, and automated remediation.

Question 6

What is the CISO Command Centre?

Accepted Answer

The CISO Command Centre is an executive dashboard providing real-time visibility across human risk scores, training completion, policy governance, privileged user exposure, departmental risk heatmaps, and awareness maturity metrics — all in a single pane of glass designed for security leadership.

Question 7

Can I customise dashboards and themes?

Accepted Answer

Yes. GRCTrack offers 53 drag-and-drop dashboard widgets with role-aware sizing. You can choose from 10 visual themes (Pearl, Arctic, Slate, Rosé, Obsidian, Midnight, Ember, Forest, Aurora, System) and configure white-label branding with custom logos, colours, and domains.

Question 8

Is there a free trial?

Accepted Answer

Yes. All multi-framework plans include a free trial — no credit card required. SAQ-A plans include a 30-day money-back guarantee. Enterprise customers can schedule a personalised demo first.

Industry	Median Cost	P25	P75	Avg Duration	Top Cost Driver
Fintech	$78k	$42k	$160k	6.8 wks	Cloud config, API security
SaaS	$82k	$45k	$165k	6.2 wks	Multi-tenant isolation
Financial Services	$140k	$72k	$280k	9.4 wks	Legacy patching, segmentation
Healthcare	$105k	$58k	$195k	8.1 wks	Dual HIPAA/PCI controls
E-Commerce	$62k	$38k	$110k	6.2 wks	API integrations, tokenisation
Retail	$58k	$32k	$120k	6.8 wks	POS patching, multi-location
Hospitality	$52k	$28k	$95k	5.2 wks	POS updates, staff retraining

PCI Remediation Report 2025

Remediation Costs by Industry

Frequently Asked Questions

Benchmark Your PCI Compliance Programme