Demonstrate compliance
Map controls once and show coverage across every framework you answer to.
- Framework & maturity tracking
- Linked evidence — not copies
- Board-ready executive summaries
For GRC, InfoSec and privacy teams at multi-site organisations — one system for frameworks, risks, controls, audits, vendors and assets.
NIS2 · GDPR · ISO 27001 · DORA — answered from one set of controls.
Retail, healthcare and services organisations across Northern Europe use GRChub to run one connected compliance programme — from entity register to board reporting.
“We needed one place where a finding becomes an action, a control satisfies NIS2 and GDPR, and the board sees live status — not a slide deck.” — GRC programme lead, multi-site organisation
Same navigation, registers and views as the live GRC Console — recoloured for GRChub. Your deployment uses your brand on the header.
Northern Europe · Single source of truth
Governance, risk and compliance overview for 22 stores across Denmark, Sweden, Norway, Finland and the Netherlands.
- Operational stores: 22
- Total store staff: 412
- Optician authorisations: 38
- Active risks: 18
- Open actions: 12
Overview — the same welcome screen, store metrics and compliance health customers see on sign-in.
Risk Register — band summary, residual heatmap and highest exposures, matching the live register dashboard.
Controls — status bands, Register/Coverage tabs and framework implementation bars from the live module.
Every audit finding gets an owner, deadline and linked remediation — tracked in the same register your team already uses.
Attach evidence to a control once and satisfy NIS2, GDPR, ISO 27001 and your internal policies from the same set.
Executive summaries and PDF exports pull live data — no last-minute scramble before a committee meeting.
GRChub is organised around what compliance teams actually deliver — not just a list of modules.
Map controls once and show coverage across every framework you answer to.
Audits, findings, actions and the annual wheel in one workflow your team can maintain.
Vendors, assets and privacy assessments tied back to your entities and controls.
No more spreadsheets per framework and screenshots in folders. The registers link to each other, so a finding becomes an action, a risk shows its controls, and an audit updates your maturity — automatically.
See inherent and residual risk side by side, link the controls that treat each one, and watch the score move as you act.
Map one set of controls to every framework you answer to, and track maturity as evidence builds.
Plan audits, score controls, and turn every finding into tracked remediation with an owner and a deadline.
Tier vendors by data access and criticality, and keep their assessments on a schedule that won't slip.
Keep a live NIS2 inventory of the equipment in every site, reconciled straight from field audits.
Run DPIAs and your DP, InfoSec, legal and tiering assessments from one privacy workspace.
GRChub maps to how compliance actually runs, so the tool follows your process instead of fighting it.
Add your sites, stores or business units — the things you actually have to cover.
Attach controls once and satisfy NIS2, GDPR, ISO 27001 and more from the same set.
Audits, findings, actions, vendor and asset reviews flow through one connected system.
Board-ready summaries and linked evidence that are always current — no scramble before a meeting.
GRChub is built on the same controls it helps you manage. Your data stays governed, in your region, behind your identity provider.
Sign in through Microsoft Entra or your own identity provider, with access scoped per person.
People see only what their role needs. Every change is attributable and logged.
Hosted on Microsoft Azure, with your data kept in the region you choose.
Point to the source of record in SharePoint or your DMS — no shadow copies to keep in sync.
GRChub scales with the entities and frameworks you cover — not per seat, so your whole team can take part. Tell us your size and we'll put a number to it.
A single entity getting compliance off spreadsheets.
Multi-site teams answering to several regulators.
Group-wide programmes with SSO and residency needs.
| Feature | Starter | Growth | Enterprise |
|---|---|---|---|
| Entities / sites | 1 group | Multiple | Unlimited |
| Frameworks | Up to 3 | Unlimited | Unlimited |
| Risk, controls & audits | ✓ | ✓ | ✓ |
| Vendors & assets | — | ✓ | ✓ |
| Data privacy & DPIA | — | ✓ | ✓ |
| GRC Watch intelligence | — | ✓ | ✓ |
| Microsoft Entra SSO | — | — | ✓ |
| Data residency choice | — | — | ✓ |
| Support | Priority |
Pricing is based on your entity footprint, not per user — so your whole GRC, InfoSec and privacy team can participate.
Still deciding? These are the questions compliance and IT teams ask most often.
See GRChub mapped to your frameworks and entity structure. A 30-minute walkthrough with your questions — not a generic slide deck.
GRChub is a governance, risk and compliance platform for multi-site organisations in regulated sectors. We help GRC, InfoSec and privacy teams run one connected programme across entities, frameworks and third parties — hosted on Microsoft Azure with Entra ID sign-in.
We process account and usage data to deliver the GRChub service. Customer GRC data is stored in your chosen Azure region and is not used for advertising. Contact hello@grchub.io for a full privacy notice or DPA.
GRChub is provided to customers under a subscription agreement covering service levels, support and acceptable use. Evaluation access is offered on request. Full terms are shared during onboarding and contracting.
GRChub runs on Microsoft Azure (hosting, Cosmos DB, Entra ID authentication). We maintain a sub-processor list for customers — request the current register at hello@grchub.io.