ControlCase IT-GRC Platform

ControlCase GRC is now available in the Cloud as ControlCase Cloud GRC. Requires no lengthy setup, no hardware, no perpetual licensing fees, just a simple online configuration (performed by ControlCase and included in the pricing) and subscription pricing. Fit for all kinds of organizations - large and small.
If you were always thinking about a switching from email and spreadsheets to a GRC platform but were turned off by the high prices and lengthy installation and configuration time, ControlCase Cloud GRC is the answer - be up and running in less than a week in most cases.

More information




Government and industry regulations have steadily increased the demands of organizations to act in an effort to safeguard private information and provide a more trustworthy business environment. However, the frequency and complexity of regulations have placed a huge burden on organizations that, until now, have kept IT organizations in a constant reactive mode.


ControlCase GRC is a consolidated framework that quickly and cost-effectively enables IT governance, risk management and compliance (GRC) with one or several government or industry regulations simultaneously. It allows IT organizations to proactively address issues related to GRC and implement a foundation that is consistent and repeatable. With ControlCase GRC organizations are able to:

  • Improve IT Governance
  • Accelerate time to compliance
  • Reduce and manage risk
  • Enable sustained compliance more effectively
  • Improve collaboration and consistency
  • Gather information from internal and external users through online questionnaires
  • Bridge information silos
  • Align regulatory needs to business requirements
  • Lower the cost of becoming and remaining compliant
  • Prove compliance

Using a consolidated framework simplifies and automates several key compliance needs that include:

  • Workflow automation
  • Questionnaires for data collection
  • Adherence to control frameworks
  • Analyzing and testing controls
  • Mapping of standards and controls
  • User self-assessment
  • Measuring impact to the organization
  • Measuring and clarifying risk
  • Third-party and Vendor risk management
  • Tracking and Implementing corrective actions
  • Reporting on compliance and risk

ControlCase GRC framework is composed of tightly integrated components to deliver a highly flexible approach to compliance. The components include:

  • Web-based user interface
  • Policy, Content and document manager
  • Customizable Master control frameworks
  • Vendor manager
  • Gap and Incident manager
  • Asset and Vulnerability manager
  • Questionnaires and Assessments
  • Workflow engine
  • Access control
  • Data connectors
  • Report generator

ControlCase GRC uses compliance and standard specific ControlKits that are predefined and pre-populated best practices to enable compliance. ControlKits are available for several existing mandates and standards including PCI, SOX, GLBA, FISMA , ISO 2700X, HIPAA, NIST and other regulations and standards. They plug directly into the ControlCase GRC framework. ControlKits are continuously updated to reflect the latest changes or adaptation of regulations to make certain that your compliance objectives are up to date. ControlKits can also be custom built to meet your specific compliance or internal control needs using an existing ControlKit as a basis or designing one from scratch.

Based on the regulatory or compliance need, ControlCase GRC is easily configurable to your unique business processes and individual requirements. Configuration is accomplished via a Web interface, It does not require software developers or systems integrator. Business users are provided with administrative screens and user documentation to configure the platform based on your own requirements.

ControlCase GRC is designed for use by executive management, risk/audit professionals and business process owners striving to become and sustain compliance throughout the regulation lifecycle. It provides instant visibility and tracking throughout the organization to compliance readiness.