SCF Controls Platform
Your entire GRC program — one platform

Compliance tooling for people who take the work seriously.

Operationalise the Secure Controls Framework™ with a platform that shows you where you are, what's missing, and what good looks like — without pretending evidence can be faked into existence.

Built by a practising GRC consultant for consultants, in-house GRC leads, and founders who want real certifications — not a dashboard that looks certified.

Built on the Secure Controls Framework™
1,451 Controls • 354+ Frameworks
Honest evidence maturity, L0–L5

Free tier available • No credit card required

  • 1,451 Security Controls
  • 354+ Framework Mappings
  • 200+ Evidence Requirements
  • L0–L5 Evidence Maturity

The Full GRC Lifecycle

Controls, evidence, vendors, risks, and audits — managed against the Secure Controls Framework, with evidence maturity you can defend to an auditor.

New

Evidence Assessment

Upload evidence and get completeness scoring, gap flags, and recommendations grounded in SCF maturity criteria. Every assessment is auditable — you decide when a control is ready.

New

Vendor Management & TPRM

Structured vendor research, DPSIA-based security assessments, and risk scoring across your supply chain. Works with your existing vendor review process, not around it.

Enhanced

Evidence Collection

Webhook ingestion, drag-and-drop upload, a four-rule validation engine, and evidence health scoring with readiness tracking. Clear provenance on every artefact.

New

Audit Workspaces

Structured engagement workspaces with organised evidence, control tracking, and readiness scoring. Purpose-built for the audit, not for a marketing demo.

Enhanced

Risk Management

Interactive 5×5 matrix with 32 pre-seeded SCF risk codes, custom organisation risks, configurable risk profiles, and bidirectional risk-control linking. Built to inform treatment decisions, not decorate a PDF.

354+ Framework Mappings

Implement once, satisfy many. Cross-mapping across ISO 27001, SOC 2, GDPR, NIST 800-53, PCI-DSS, HIPAA, CMMC, FedRAMP, and hundreds more.

Who it's for

Built for practitioners. Both kinds of buyer, consultants and founders, can see themselves here.

GRC consultants

Managing multiple client engagements and tired of rebuilding control mappings for every new client. Spend billable hours on judgement work — scoping, advising, guiding — instead of maintaining spreadsheets.

In-house GRC and security leads

Running multi-framework programmes at SaaS and medtech companies. One source of truth across SOC 2, ISO 27001, and whatever comes next.

Founders pursuing certification

You want to understand what you're building, not outsource understanding to a platform. If you want the work done properly, faster — this helps. If you want the work to disappear, this isn't that kind of tool.

Start Free. Upgrade When Ready.

SCF-native GRC tooling. AI-assisted, human-led. No credit card required.

AI-assisted evidence and vendor review — you stay in control

Free

For individual GRC practitioners

$0/month
  • 1 organisation
  • Full SCF control catalog (1,400+)
  • All framework mappings (100+)
  • View evidence requirements
  • Basic risk register view

Pro

For small teams managing compliance

$649/month
  • 1 organisation
  • Evidence assessment + webhook inbox
  • Vendor management & DPSIA
  • Full risk module + audit workspaces
  • API access
Most Popular

Consultant

For GRC consultants with clients

$1,249/month
  • Up to 5 clients (add-ons available)
  • Everything in Pro + consultant portal
  • Cross-org compliance comparison
  • Audit workspaces per client
  • Custom branding

Custom

For large organisations

Contact Us
  • Unlimited clients
  • Everything in Consultant
  • SSO/SAML integration
  • Dedicated account manager
  • Bespoke development

Compliance tooling, SCF-native.

Run controls, evidence, vendors, risks, and audits against the Secure Controls Framework. Built by a practising GRC consultant for people who want the work done properly.