Loaded With Enterprise-Class GRC Features, Yet So Easy To Use!

Compliance Manager GRC includes powerful features designed to deliver the IT security assurance required by any organization. Yet, it’s so easy to use, any non-technical compliance stakeholder can participate in the process.​

Stay compliant today, and tomorrow, with our continuous innovation process that keeps pace with the ever-expanding IT security and regulatory environment.​

Take a tour

Our Continuous Innovation

Take a peek at some of our latest new features:

Essential 8 Maturity Level 2 Released June 20, 2024

Compliance Manager GRC now supports the new Essential 8 Maturity Level 2 IT security requirements published by the Australian Signals Directorate in November 2023.

This updated Compliance Manager GRC standard includes references to the Australian Signals Directorate's Information Security Manual (ISM) controls and associated Australian Cyber Security Centre guidance to make it easy for IT professionals and MSPs to perform assessments and manage ongoing IT security compliance needs based on the use of the Essential 8 security safeguards.

ISO 27002:2022 Released June 6, 2024

Compliance Manager GRC now supports the ISO 27002 Standard.

The new Compliance Manager GRC standard enables IT professionals and MSPs to easily navigate the ISO 27002 controls in their effort to perform readiness assessments for businesses that utilize the ISO 27001 - Annex A security controls necessary to implement their information security management system based on ISO 27001.

NIST Cybersecurity Framework 2.0 Released April 25, 2024

Compliance Manager GRC now supports the new NIST Cybersecurity Framework (CSF) 2.0 published by NIST on February 26, 2024. This new Compliance Manager GRC standard makes it easy for IT professionals and MSPs to navigate the new NIST CSF 2.0 security requirements to perform assessments and manage ongoing IT security compliance needs.

Multi Sites View Released Feb 20th

Offers a unified dashboard for managing compliance assessments across multiple sites. This enhances operational efficiency, simplifies compliance processes, and improves overall productivity for users.

GCC High Azure AD Scan Released November 16th

The new GCC High Microsoft Entra ID (formerly Azure AD) Scan in Compliance Manager GRC is designed to probe the Microsoft government cloud, which is a dedicated environment in Microsoft Azure tailored for U.S. federal, state, local, and tribal governments, as well as contractors managing sensitive data like CUI and ITAR data.

Kaseya Cybersecurity Fundamentals Standard Released July 27th

The Kaseya Cybersecurity Fundamentals is a streamlined framework tailored for swift implementation using Compliance Manager GRC. This entry-level standard is inspired by the NIST Cybersecurity Framework's core principles, while harnessing the full power of Compliance Manager GRC's automated data collection features.

AICPA - SOC 2 Standard Released June 29th

Compliance Manager GRC supports the AICPA Trust Services Criteria for SOC 2. The software includes a built-in IT compliance process template for SOC 2 that dramatically streamlines the collection of documentation neccessary for a SOC 2 examination.

POPIA Condition 7 Security Safeguards Released June 29th 2023

Compliance Manager GRC now supports South Africa's national consumer protection standard -- The Protection of Personal Information Act (POPIA). It includes all of the IT security requirements as detailed in Condition 7 of the law, making it easy for IT professionals and MSPs to achieve compliance.

DATTO Workplace PII Data Feed Released June 23rd 2023

Through a seamless workflow automation, sensitive information stored in Datto Workplace is identified and incorporated into Compliance Manager GRC's Sensitive Data Assessment reports and worksheets. Data collected includes the type of sensitive data discovered, permissions, file locations, and more.

Sensitive Data Assessment Released June 8th 2023

Compliance Manager GRC includes purpose-built data scanners that identify files that contain a variety of sensitive data types and includes the results in worksheets and reports required by different government and industry standards. It also identifies which drives are encrypted.

FTC Safeguard Rule Released April 20th 2023

The FTC Compliance Management Template enables users to perform assessments their compliance with the FTC Safeguards Rule, a US regulation covering anyone with access to consumer personal financial information. It requires them to implement, and maintain a comprehensive information security program to protect customer information.

CIS Critical Security Controls v8 Released April 13th 2023

Compliance Manager GRC supports the CIS Critical Security Controls, Version 8 (CIS v8) cybersecurity framework. There are three separate templates for each of the three main Implementation Groups (IG) included in the framework.

Compliance Management Templates

Built-in management templates for common standards and frameworks

Provides regulations and controls to assess common standards including HIPAA, NIST CSF, CMMC, NY DFS, Cyber Liability Insurance, GDPR, Cyber Essentials, Essential 8, with more being added on a regular basis.​

Supports Any Standard or IT Requirement

Custom templates (standards) can be created using the build-in common controls, and new controls can also be defined and included in the templates/standards.​

Customizable Libraries of Controls, Requirements, and Standards

New feature allows IT professionals – whether they are MSPs or work in IT Departments – to quickly assess their level of compliance with whatever set of IT requirements they specify. ​


Built-in Standards, Requirements & Controls.

Compliance Manager GRC has dozens of major government and industry standards built into the platform that includes all of the requirements and controls specific to each standard pre-set and ready to use out of the box. You can also create your own standards and customize or create any requirement or controls to match your specific policies and procedures. Watch the video.

Take a tour

Assessment Results presented in Graphical Dashboards

New consolidated dashboard allows users to view the progress of assessments, regardless of the type of assessment being managed. ​

Tracks Common Controls Across Multiple Standards

Control sets from multiple standards can be tracked and managed together. Saves time and allows multiple controls to be assessed and documented at the same time.

Standard Specific Reports

Each Compliance Management Template includes a complete set of standard-specific reports. ​


Multiple Assessment Types.

 Just getting started and want to perform a Rapid Baseline Assessment to see where you stand? Compliance Manager GRC has the solution. Then, when you are ready to do a full Requirements or Controls Assessment with automated data collection, you’ll be able to build on what you started. Watch the video.

Automated Compliance Process​

Automated Data Collection​

There are automated data collectors for the LAN, Cloud and individual computers that gather detailed information to be used in the technical assessment.​​

Policies & Procedures Selection and Generation

Dynamically builds a customized policies and procedures manual for each standard managed. ​

Automated Report Generation​

Automatically generates a dynamic set of evidence of compliance and reports for every standard, regulation and security program you manage. ​

Dynamic Plans of Action & Milestones

Automatically create the documentation that details resources required to accomplish the elements of the plan, milestones for meeting the tasks, and the scheduled completion dates for the milestones. ​


360-Degree Automated Data Collection.

Compliance Manager GRC has the industry’s most comprehensive set of automated data collection tools to dramatically cut the time it takes to assess and audit compliance with any standard. Collect IT and security data from networks, computers, users, on prem, in the AWS or Microsoft Cloud (including GCC High), on remote machines. You can also collect data on Windows machines using light-weight Discovery Agents included with the platform. Please watch the video for more information.

Self-Serve Brandable Portals

Assessment Results presented in Graphical Dashboards and Brandable Reports

New consolidated dashboard allows users to view the progress of assessments, regardless of the type of assessment being managed.​

Employee Policy Review/Acceptance Portal​

Supports the ability to “turn on” a branded Employee/End User Self-Serve Portal to help meet common compliance requirements.​ ​

3rd Party Vendor Assessments & Compliance​​

Includes a “self-service” vendor risk management portal that makes it easy for third parties to complete assessments against any standards you pick​​

Role Based Task Portal

​Any Person with an assessment question to answer, or task to do, can access a personal “My Work” portal to access the task.


Engage Your Entire Team.

Compliance Manager GRC includes separate portals for an unlimited number of users to collaborate in compliance. Internal Stakeholders, Subject Matter Experts, even External auditors can have their own log-ins and filtered views. Employees and vendors, too, all at no extra cost! Watch the video.

Additional Features​

Role-based Architecture

Ensures most accurate answers since the person responsible and with knowledge answers the questions. For MSPs, this also saves time since they do not need to address the worksheets assigned to others at the company.​

Scanless Rapid Baseline Assessment Questionnaires​

Guided questionnaires to quickly determine whether you meet the difference requirements of any control ​

Built-in End-User Training, Tracking & Reporting​​

Ensures and documents that all employees have completed the training as part of the compliance requirements.​ ​

Customizable Libraries of Controls, Requirements, and Standards

This allows for the tracking and remediation of compliance issues for multiple standards at the same time, dramatically reducing risk through improved and more efficient compliance management​

Tracks Common Controls Across Multiple Standards​

Eliminates duplication of effort managing the same control for multiple standards.


Done-For-You Compliance Documentation.

 Policies & Procedures Manuals, Plans of Action & Milestones, Technical Assessment Reports, Evidence of Compliance . . . Compliance Manager GRC generates all of these customized documents dynamically based on the latest information available, all automatically and on-demand. Watch the video.

Manage Vendor Risk with New “Self-Serve” Portal​ ​

Compliance Manager GRC now includes a “self-service” vendor risk management portal that makes it easy for third parties to complete assessments against any standards you pick, by logging into a branded web-based portal and completing the appropriate questionnaires. You can optionally require the vendors to also upload their evidence of compliance.​

Get Started


VulScan Integration​

Data from VulScan internal and/or external scans can be imported to be included in the Technical Risk reports and the POA&M to document risks.​

BullPhish Training Integration

Integration with BullPhish ID provides access to over 50 additional training videos that can be used in the Employee Portal to educate employees on additional security and compliance topics.​​

IT Glue Integration – IT Glue (Document Links) & Export Reports​

Import technical documents about a sites IT resources from IT Glue as attachments into your Compliance Manager GRC assessment worksheets and surveys. Also Export the reports from an assessment into IT Glue. ​ ​

Billing Integration​

Automatically update the BMS contract with billing data from the site, such as number of users, based on successful scan/assessment data.​

Backup Integrations

If you subscribe to Datto or Unitrends backup services, you can automatically import back-up log data  into your Compliance Manager GRC assessments. This allows you to easily gather evidence of backup compliance during the Technical Review in the Asset Inventory Worksheet.

Integration with VSA Agents for Local Data Collection

VSA Agents can run the Compliance Manager GRC local data collectors and upload the information into the assessment.

IT Complete Workflow Integrations

Export POAM Tickets to Autotask


Datto EDR Endpoint Threat Detection and Response Evidence of Compliance

Datto EDR

Datto EBPC Direct-to-Cloud PC Backup Training Evidence of Compliance

Datto EBPC

Datto BCDR Endpoint Backup Evidence of Compliance

Datto BCDR

Datto EBS Direct to Cloud Server Backup Evidence of Compliance

Datto EBS

Passly Two Factor Authentication Evidence of Compliance


This feature incorporates critical data from two-factor authentication processes, bolstering the security infrastructure and compliance posture of organizations. 

Datto Backup for Microsoft Azure Cloud VM Evidence of Compliance

Datto Backup for Microsoft Azure

Datto RMM Patch Management Evidence of Compliance

Datto RMM

Dark Web ID Monitored Domains Evidence of Compliance

Dark Web ID

RocketCyber Endpoint Firewall and Microsoft 365 Threat Monitoring Evidence of Compliance


Graphus Cloud Email Security Evidence of Compliance


BullPhish ID Security Awareness Training Evidence of Compliance: 

BullPhish ID

With this integration, results from security awareness trainings administred through Bullphish ID are automatically fed into Compliance Manager GRC as evidence of compliance for any standards that require this type of training. Evidence includes metrics that validate end users have taken the training.

Automated Customer Onboarding in Compliance Manager GRC

IT Glue

ITC Compliance Manager GRC + myITProcess Integration


Sensitive Data Scan and Summary

Datto Workplace

SaaS Back-Up Status & Evidence of Compliance

Datto SaaS Protection

Datto Workplace PII Data Feed in Compliance Manager GRC

Datto Workplace

Data Collection Automation


Avoids the manual collection and update of Compliance data by using VSA agent procedures to automatically gather and update the relevant information. This ensures more accurate Compliance reporting and simpler, more frequent Compliance procedure. 

VulScan Integration – Evidence of Compliance


The integration automates the import of vulnerability data from VulScan into Compliance Manager GRC, enabling the generation of Technical Risk reports to document and assess organizational compliance risks. This streamlined process not only saves time and resources but also enhances audit readiness through the Evidence of Compliance feature, facilitating better audit outcomes.

Search & Attach IT Glue documents as Evidence of Compliance

IT Glue

This integration empowers users to search for and attach pertinent IT Glue documents directly to Compliance Manager GRC worksheets, simplifying the process of gathering and organizing evidence needed for compliance assessments. By facilitating seamless access and attachment of relevant documentation from IT Glue to Compliance Manager GRC worksheets, this integration streamlines the evidence collection process, making it easier and more efficient for organizations to demonstrate compliance during assessments and audits.

Licensing Integration for BMS billing


This integration streamlines customer billing by automatically updating BMS contracts with each customer’s usage of Compliance Manager GRC services, eradicating the need for manual reconciliation and ensuring accurate billing for the Kaseya services provided. Through automated updates of BMS contracts based on Compliance Manager GRC usage, this integration significantly reduces manual reconciliation time, optimizes revenue collection, and ensures billing accuracy, thereby enhancing the overall efficiency of the customer billing process.

Automatic Archiving of Compliance Manager Reports in IT

IT Glue

The integration automates the transmission of Compliance Manager GRC reports directly to the corresponding organizations within IT Glue, centralizing all compliance documentation in one accessible location. This integration simplifies compliance tracking by consolidating all necessary documentation within IT Glue, making it easier for organizations to manage and demonstrate compliance, while also potentially expediting audit processes.

Export Compliance issues to BMS Ticketing


This integration automates the export of assessment risks from Compliance Manager GRC to BMS as tickets, thereby creating a seamless pathway for tracking, billing hours for work, and ensuring remediation tasks are duly completed to uphold compliance standards. By automatically translating assessment risks into tickets within BMS, this integration significantly saves time, ensures precise billing for work conducted, and fosters a structured approach to remediation, aiding in the maintenance of compliance.

Engage The Right People On The Right Tasks With Role Based Task Assignments

Compliance Manager GRC now includes the ability to help IT professionals manage compliance by assigning specific assessment questions to an individual or group of individuals. This allows the IT staff to handle the technical questions and assign the rest to subject matter experts and other stakeholders. The result is assurance that compliance assessments are more accurate and complete.​

Get Started


  • Anytime you take advantage of the custom standard creation feature of Compliance Manager GRC – for example, if you create a standard to manage your own internal IT security program – Compliance Manager GRC will create a customized manual to document it.
  • Anytime you make a change to your process in Compliance Manager GRC – like adding a new requirement or changing the procedures you follow – the Policies & Procedures Manuals are automatically updated the next time you generate them.​

Management of Custom Controls and Standards​

Compliance Manager GRC is a process architecture that accommodates the management of multiple compliance standards. It also provides users that ability to generate custom standards based on common controls.

It allows IT professionals – whether they are MSPs or work in IT Departments – to quickly assess their level of compliance with whatever set of IT requirements they specify. ​

The software includes a web-based dashboard that allows the IT professional to track and remediate compliance issues for multiple standards at the same time, dramatically reducing risk through improved and more efficient compliance management.​

Dynamic Policies and Procedures Creation​

With this latest release, Compliance Manager GRC dynamically builds you a customized policies and procedures manual for each standard you are managing, and the manual reflects any adjustments that you make to the procedures you follow.


Covers every standard, including industry frameworks and custom requirement sets.​


Automated data collection, processing and report-generation.​

Priced Right​

The most affordable enterprise-class GRC platform available.​

What Our Customers are Saying

Read more reviews

For me it's the user-friendly interface as well as scalability, as our organizations grow, their compliance requirements may become more complex. My clients appreciate the work we have done to ensure they have a centralized place to retrieve documents in case of an audit.

John S.

Helpful tool to assist with meeting enterprise compliance requirements.

Adel B

Great product. Easy to use, easy to implement, helps take some of the load off of us MSPs!

Tabitha T

Compliance Manager makes it easy to perform security attestations for customers. You can fill out the data once per year and then use the report to submit to customers and vendors asking for security reports.

Justin P

Compliance is hard but Compliance Manager GRC eases the complexity.

Wayne H.

A quality tool for those that need it. Replacing all of our manual documentation with a centralized repository for policy made our certification process much easier.

Spiros S.

Makes managing our HIPAA securiy painless. We used to struggle with audits every month for HIPAA; it was a chore to maintain our documentation in a format that was easy to access and utilize.

Tammy H.

Compliance manager is easy to setup and use. It functions as a vital tool in our toolkit to ensure compliance for our client base. We have utilized other solutions in the past. However, the ability to integrate direct client interaction with scanning and reviewing makes it the perfect fit for our customers and us. The interface is intuitive, the scanning and integration is seamless and the centralized storage location of compliance documentation makes coordination and implementation much less painful.

Zackary W.

Takes compliance and makes it manageable again. Before partnering with our compliance vendor and using compliance manager, we were stuck in the past documenting via paper, pen and storing in locked file cabinets. Compliance Manager GRC gives us a combined, easy-to-navigate portal to access our necessary compliance documentation anywhere, anytime.

Kelly T.

Our one stop shop for compliance administration.

Tyler S.

With Compliance Manager GRC in our toolbox, we're able to master our HIPAA compliance without the previous headaches brought on by manually documenting our practices.

Jill S.

A product that just works. It is a simple to use tool that allows us to ensure our business practices are aligned with our compliance goals.

Henry T

We can quickly pull up information when needed and add documentation when new gaps are discovered with ease. There's virtually no downtime, which gives us peace of mind about being able to provide proof of our compliance status anywhere, anytime.

Erin H.

Compliance manager meets our needs regarding ongoing managed compliance for our clients. It makes managing continued compliance easy and convenient. We're able to work in tandem with our clients to provide a comprehensive solution.

Shawn D.

The Perfect Fit For Our Compliance Needs. Compliance Manager GRC is easy to use. We’ve been able to implement the necessary controls by providing access to the appropriate key to members of our team with the knowledge to implement any required documentation and changes.

Harry R.

Compliance Manager GRC allows us to scan our client's networks and get accurate answers to many compliance answers. It also generates all the needed documentation and supporting forms needed to show compliance status, and scores.

Matthew H.

The ability to manage so many different clients on so many compliance frameworks is a blessing in itself. The ability to manage vendors, have client views and store artifacts is icing on the cake. Top it off with the cherry of robust reporting and exhibits is that cherry we all need.

Roman S.

The best thing about this Compliance manager GRC is that it allows organisations to enforce policies and procedures related to IT security and regulatory compliance. It provides a centralised platform to communicate document and track adherence to these policies.

Surya S.

Some of the upsides to using Compliance Manager are: Ability to access compliance documents via the cloud, anywhere; Scalability, new employees can easily be brought into the compliance management team quickly; Ease of use, the software is very easy to pickup and use

Oscar R

Overcome the Biggest IT Challenges and Responsibilities

  • Reduce Risk
  • Reduce Complexity
  • Save Money
Get a Demo