What compliance frameworks does GRCTrack support?

GRCTrack supports 10 compliance frameworks: PCI DSS 4.0.1 (322 controls), ISO 27001:2022 (93 controls), SOC 2 Type II (64 controls), HIPAA Security (45 controls), GDPR 2016/679 (99 controls), NIST CSF 2.0 (106 controls), NIS2 Directive (21 controls), SWIFT CSP 2024 (32 controls), Cyber Essentials UK (5 controls), and CE Plus UK (5 controls).

How is GRCTrack different from Vanta, Drata, and Sprinto?

GRCTrack is the only compliance platform built by qualified security assessors (QSAs). It features 6 dedicated portals, 7 AI intelligence engines, 53 drag-and-drop dashboard widgets, 15 granular RBAC roles, 10 visual themes, 11 languages, and support for niche frameworks like SWIFT CSP, NIS2, and Cyber Essentials that no competitor covers. Starting at £999/year vs $6,000+ for alternatives.

What are the 7 AI intelligence engines?

Flo — conversational AI assistant; FloAva — contextual guidance alongside controls; Policy Copilot — AI policy document generation; Evidence Intelligence — automatic categorisation and framework mapping; Remediation Intelligence — prioritised ticket creation with Jira/ServiceNow integration; Architecture Intelligence — AI-powered network diagram generation; Human Risk Intelligence — employee risk scoring and behavioural analytics.

What are the 6 portals?

QSA Admin Portal for multi-client assessment management; Merchant Portal for self-service compliance; Acquirer Command Center for portfolio-wide visibility; Auditor Portal for assessment execution; Client Portal for stakeholder tracking; Partner Portal for MSSPs with white-label and revenue sharing.

Does GRCTrack include security awareness training?

Yes. GRCTrack includes a full Training & Awareness Governance module aligned to PCI DSS Requirement 12.6. Features include mandatory course assignment, interactive quizzes, certification tracking, policy acknowledgement with digital signatures, and one-click audit evidence export. It also includes AI phishing simulation with campaign scheduling, behavioural analytics, and automated remediation.

What is the CISO Command Centre?

The CISO Command Centre is an executive dashboard providing real-time visibility across human risk scores, training completion, policy governance, privileged user exposure, departmental risk heatmaps, and awareness maturity metrics — all in a single pane of glass designed for security leadership.

Can I customise dashboards and themes?

Yes. GRCTrack offers 53 drag-and-drop dashboard widgets with role-aware sizing. You can choose from 10 visual themes (Pearl, Arctic, Slate, Rosé, Obsidian, Midnight, Ember, Forest, Aurora, System) and configure white-label branding with custom logos, colours, and domains.

Is there a free trial?

Yes. All multi-framework plans include a free trial — no credit card required. SAQ-A plans include a 30-day money-back guarantee. Enterprise customers can schedule a personalised demo first.

Scoping Tool

Calculate Your PCI Scope Reduction

See how tokenisation, P2PE, and segmentation can dramatically reduce your PCI compliance scope, cost, and complexity.

Current Scope

Systems in CDE25

1100

Network Segments5

120

Data Stores3

110

Third Parties5

120

Reduction Strategies

Tokenisation

Replace card data with tokens to remove systems from CDE scope

-40% systems-20% data stores

Point-to-Point Encryption (P2PE)

Validated P2PE solution removes POS systems and network segments from scope

-60% systems-40% segments

Outsourced Payment Page

Redirect or iframe payment page to a PCI-compliant service provider

-50% systems-30% segments

Network Segmentation

Isolate CDE with firewalls and access controls to reduce in-scope segments

-30% segments-20% systems

Cloud Shared Responsibility

Leverage cloud provider PCI compliance for infrastructure controls

-15% systems-10% data stores

Scope Comparison

Systems in CDE25

Network Segments5

Data Stores3

Third Parties5

Estimated Controls329

Before

After

Cost & Complexity

Before

$59,220 – $148,050

estimated annual cost

Medium

After

$59,220 – $148,050

estimated annual cost

Medium

Implement scope reduction with GRCTrack

GRCTrack maps your scope reduction strategies to specific PCI controls and automates evidence collection.

Start Free Trial

Frequently Asked Questions

How does tokenisation reduce PCI scope?

Tokenisation replaces cardholder data with non-sensitive tokens, removing systems that handle tokens from CDE scope. This can reduce applicable controls by 40-70% depending on implementation. Token vaults remain in scope, but operational systems using tokens do not.

What is P2PE in PCI DSS?

Point-to-Point Encryption (P2PE) is a PCI SSC-validated encryption solution that encrypts card data from the point of interaction (terminal) to the secure decryption environment. PCI-validated P2PE solutions can reduce SAQ scope to as few as 33 controls (SAQ P2PE).

Can I outsource PCI compliance entirely?

You can outsource payment processing but not PCI compliance responsibility. Using a PCI-validated payment processor reduces your scope (potentially to SAQ A), but you remain responsible for managing the provider relationship, maintaining policies, and completing your annual SAQ.