NorthGRC is a long-term, international, and leading provider of management systems for governance, risk, and compliance. We help our customers manage compliance demands and operational risk by empowering them with our industry-leading platform, consultancy from industry experts, and resources that will be of value to any professional working with InfoSec, IT, and GDPR.

The core of our deliveries is our all-in-one full-featured ISMS for ISO 27001/2 compliance and GDPR. Inside the GRC platform you'll find risk management, vendor management, task management, and 50+ templates for all your compliance documentation, procedures, and policies.


Since 2002, NorthGRC has:

  • Worked with +10.000 information security professionals
  • Delivered solutions to +1000 companies


We generate extreme value for our customers by gathering policies, IT controls, and risk information that are in disparate locations throughout the enterprise, automating repeatable information security processes, and allowing organizations to quickly respond to new compliance demands, audit requests, and evolving business risks.

The NorthGRC compliance platform is an efficient GRC platform delivered as a cloud service (SaaS). The library of information security and data protection policies and easy-to-use templates allows organizations to rationalize and reduce security controls, perform full lifecycle management of risk assessments and IT audits, and create one defensible standard of care. NorthGRC's content engine can rapidly incorporate and map between unlimited control frameworks, standards, and regulations. Whether your issues are ISO 27001/2, GDPR, compliance with PCI DSS, governmental regulations, or managing evolving business risks, NorthGRC allows your organization to respond effectively and instantly to these challenges and "future proof" your compliance program.