GRC & Compliance
Industry-leading governance, risk management, compliance automation, and third-party risk providers
Try:
Prominent GRC & Compliance Vendors
Industry-leading vendors in this security domain
ServiceNow
Digital Transformation
OneTrust
AI Governance
Drata
Enterprise
Vanta
Enterprise
Archer
Enterprise
SecurityScorecard
Third-Party Risk Management
Bitsight Technologies
Cybersecurity
Black Kite
Cybersecurity
Secureframe
Enterprise
Hyperproof
Enterprise
LogicGate
Enterprise
TrustArc
Accountable AI
Capability Legend
GRC
GRC Platform
Comply
Compliance Automation
Risk
Risk Assessment
Policy
Policy Management
Audit
Audit Management
TPRM
Third-Party Risk
SOC 2
SOC 2 Automation
ISO
ISO 27001
Vendor
Vendor Risk
Privacy
Privacy Compliance
Monitor
Continuous Monitoring
Enterprise GRC Platform (19)
ServiceNow
ServiceNow is an American software company that supplies a cloud computing platform for the creation and management of automated business workflows. I
OneTrust
OneTrust helps companies manage privacy, consent, and AI governance while automating compliance and reducing risk to build trust and drive innovation.
Archer
Archer is a leading integrated risk management platform that enables organizations to manage governance, risk, and compliance across the enterprise. T
LogicGate
LogicGate provides industry-leading Governance, Risk, and Compliance (GRC) software solutions that streamline and automate processes, helping organiza
Avertro
Avertro provides a unified platform for threat defense, automating compliance and quantifying risk across enterprise environments. The company offers
Cyber Sierra
Cyber Sierra offers an AI-powered cybersecurity platform that provides automated continuous control monitoring, third-party risk management, and GRC s
DRTConfidence
DRTConfidence enables enterprises and government agencies to automate compliance management with multiple regulatory frameworks, enhancing their overa
DataBee
DataBee unlocks the power of data with a cloud-native security data fabric and AI-powered network detection and response solutions for cybersecurity a
DigitalXForce
DigitalXForce leads the IDC MarketScape 2025 assessment for worldwide governance, risk, and compliance software vendors. It provides an Enterprise Sec
Diligent
Diligent Corporation is a software as a service company that enables groups to share and collaborate information for board meetings. It offers AI-powe
FAIR Institute
The FAIR Institute The company provides enterprise-grade governance, risk, and compliance solutions for organizations worldwide. Its platform is desig
MetricStream
MetricStream offers Governance, Risk Management and Compliance (GRC) software solutions that allow companies across industries to streamline and autom
Panaseer
Panaseer's Continuous Controls Monitoring platform helps organizations reduce control failures by providing automated, trusted insight into their cybe
Reasonable Risk
Reasonable Risk is a DoCRA-based GRC SaaS Platform that facilitates SEC Compliance and helps organizations establish reasonable security. It serves th
RiskApp
RiskApp Solutions Platform automates compliance with AI, providing real-time risk management and tailored risk scoring based on risk appetite. The com
Safe Security
SAFE is a leader in Autonomous Cyber Risk Management for strategic (CRQ), exposure (CTEM), and third-party (TPRM) risk management on a unified platfor
SafePaaS
SafePaaS provides a comprehensive access governance platform that enables organizations to automate security incident detection and prevention, access
SmartSuite
SmartSuite is a cloud-based enterprise platform that unifies risk, compliance, audit, third-party risk, resilience, and workflows to drive execution.
StandardFusion
StandardFusion provides a centralized and adaptive GRC platform that gives organizations clarity and consistency in managing risk, compliance, and aud
Compliance Automation (15)
Drata
Drata is a leading compliance automation platform that helps companies achieve and maintain SOC 2, ISO 27001, HIPAA, PCI DSS, and GDPR compliance thro
Vanta
Vanta automates the complex and time-consuming process of SOC 2, HIPAA, ISO 27001, PCI, and GDPR compliance certification. The company provides a plat
Secureframe
Secureframe automates compliance and security processes for businesses using AI-powered capabilities, streamlining tasks such as evidence collection,
Hyperproof
Hyperproof's GRC platform turns GRC into a growth engine. Eliminate duplicate work and see 66% reduction in duplicative controls. The company automate
Controllo
Controllo simplifies compliance across multiple frameworks by linking controls, artifacts, and risks, eliminating redundancy and duplication. One Plat
FireMon
FireMon's firewall policy management platform provides real-time visibility and control over hybrid IT environments. It unifies, governs, and continuo
Scrut Automation
Scrut Automation helps businesses build risk-aligned security programs that scale with them, providing AI-powered solutions for compliance and risk ma
Segura
Segura is a leading provider of Privileged Access Management (PAM) solutions, offering a comprehensive suite of products and services to secure and co
Sky BlackBox
Sky BlackBox is an AI-powered Vendor Risk Management platform that automates third-party risk assessments, enhances vendor compliance, supports supply
Sprinto
Sprinto delivers autonomous trust with real-time monitoring, continuous compliance, and unified risk management for organizations across various indus
Thoropass
Compliance with confidence - Thoropass is the only end-to-end compliance solution offering expert guidance, thorough prep, and a seamless security aud
Tripwire
Tripwire, now part of Fortra, provides enterprise security configuration management, vulnerability management, and file integrity monitoring solutions
Trustero
Trustero is Advanced AI for Security and Compliance Teams that handles time-consuming tasks like gap analysis, remediation, questionnaire automation,
VioletX
VioletX operates the trust infrastructure that makes audits routine and risk visible in real time. Federal-grade security and compliance for the compa
ZenGRC by Reciprocity
ZenGRC offers comprehensive GRC solutions that unify, simplify, and automate compliance, risk, and governance initiatives for organizations. The compa
Third-Party & Vendor Risk (13)
SecurityScorecard
SecurityScorecard is a cybersecurity company that provides a supply chain and third-party risk management platform powered by AI. It helps organizatio
Bitsight Technologies
Bitsight Technologies, Inc. is a cybersecurity company that provides security performance monitoring, exposure analysis, and risk management for compa
Black Kite
Black Kite offers a cyber ratings tool dedicated to third-party risk intelligence, providing real-time, multi-source verified intelligence for vendors
Attaxion
Attaxion helps lean security teams find and manage their web-facing assets, uncovering exposures and prioritizing cyber risks through agentless traffi
CybelAngel
CybelAngel offers a range of products and services for external threat intelligence, including Attack Surface Management, Data Breach Prevention, Dark
Cybersixgill
BitSight Technologies, Inc. is a cybersecurity company that does security performance monitoring, exposure analysis, and risk management for companies
Nudge Security
SaaS and AI security platform that provides visibility and control over distributed application ecosystems. Offers shadow SaaS/AI discovery, SaaS secu
Panorays
Panorays is a comprehensive third-party cyber risk management platform that monitors Risk DNA for early threat detection and proactive defense. It pro
Prevalent
Mitratech Prevalent is an AI-powered third-party risk management software that automates workflows and simplifies compliance for organizations. The co
ProcessUnity
ProcessUnity is a top-rated provider of Third-Party Vendor Risk Management solutions, helping organizations safeguard themselves through AI-powered in
RiskRecon by Mastercard
RiskRecon provides actionable insights to help organizations manage cyber risks and threats through its threat intelligence and third-party risk manag
UpGuard
UpGuard is the #1 Cyber Risk Posture Management Software Platform that helps businesses manage security risks across their information technology supp
Whistic
Whistic is a third-party risk management software company that automates vendor assessments and shares security posture to build customer trust. It of
Privacy & Data Governance (12)
TrustArc
TrustArc bridges the gap between privacy and data for deeper insights, broader access, and continuous compliance. The company provides software and se
Arexdata Security Solutions
Arexdata DSPM is a comprehensive data security platform that audits, classifies, and protects sensitive company data, ensuring centralized visibility
DataSunrise
DataSunrise offers comprehensive database security solutions with advanced database firewall, activity monitoring, masking, and compliance capabilitie
Ethyca
Ethyca builds trusted data infrastructure to govern sensitive data in real time with automated inventory, consent, and AI enforcement. The company pro
Exterro (FTK)
Maker of the Forensic Toolkit (FTK), a gold-standard full-disk forensic imaging, processing, and review platform trusted for decades in courtrooms wor
Global Relay
Global Relay is a technology services company providing software-as-a-service electronic message archiving, instant messaging, compliance and supervis
Jatheon Technologies
Jatheon Technologies Inc develops AI-enabled data archiving and information governance solutions for regulated industries. The company provides softwa
Lumos
Lumos is an autonomous identity platform that eliminates identity sprawl and fatigue by providing a single platform for access reviews, self-service a
Protecto AI
Protecto AI provides secure AI solutions with real-time Role-Based Access Control (RBAC) and context-based access control to prevent sensitive data le
Smarsh
Smarsh provides comprehensive archiving and compliance solutions for highly regulated industries through its cloud-based platform, offering tools for
Spirion
archTIS is a data security company that specializes in sensitive data governance and protection. Its core business involves providing automated discov
Zivver
Zivver Secure Business Email provides complete email security and effortless data compliance for businesses. It offers secure email solutions, threat
Audit & Assurance (11)
A-LIGN
A-LIGN is a compliance and cybersecurity services provider that helps organizations navigate the scope and complexity of their specific security needs
AuditBoard
Optro is an AI-powered Governance, Risk, and Compliance (GRC) platform that helps enterprises manage risk and compliance through a unified system of a
Bureau Veritas
Bureau Veritas is a global leader in testing, inspection, and certification services. The company provides a wide range of products and services to en
Bureau Veritas Cybersecurity
Bureau Veritas Cybersecurity provides cybersecurity services to organizations, including risk assessment, compliance management, and incident response
Coalfire
Coalfire is a cybersecurity and compliance services company that works with enterprises and tech businesses in FedRAMP, cloud migration, AI Risk, pene
Optro
Optro is an AI-powered Governance, Risk, and Compliance (GRC) platform that unifies audit, risk, infosec, and compliance into a single connected syste
Pen Test Partners
Pen Test Partners provides cyber security consulting and testing to a huge variety of industries and organisations. With offices in the US and UK, we'
Prescient Security
Prescient Security simplifies cybersecurity and compliance for over 5,000 clients worldwide by providing services such as SOC, ISO, HITRUST, FedRAMP,
SISA
SISA is a cybersecurity leader that specializes in securing payment ecosystems through compliance, security, and privacy solutions. It serves global p
depthfirst
depthfirst is an AI-native platform that understands your code, business logic, and infrastructure to find more vulnerabilities, slash false positives
risk3sixty
risk3sixty helps businesses build and manage robust security, privacy, and compliance programs to empower them and assure stakeholders. They specializ
AI Governance & Risk (10)
ALERT AI
ALERT AI - "Secure AI Anywhere" AI Security gateway. Autonomous AI Security, Resilience, Policy Management - AI Apps, AI Agents, AI Tools.. The compan
Cranium AI
Cranium AI provides end-to-end AI cybersecurity governance solutions to global enterprises, helping them ensure the security and compliance of their A
Credo AI
Credo AI provides operationalized trusted AI governance solutions that enable enterprises to discover, assess, and govern every AI agent, model, and a
DeepKeep AI Security Platform
DeepKeep safeguards AI with AI-native security and trustworthiness from the research and development phase of machine learning models through risk ass
FireTail
FireTail is an AI security & governance platform that provides complete visibility and control over AI usage across all environments. The company offe
Noma Security
Noma Security provides AI security solutions for enterprises to protect against AI-specific threats and ensure regulatory compliance. The company offe
Openlayer
Openlayer provides AI governance and observability solutions for trust & control in AI systems. It offers native integrations with various AI models,
Pillar Security
Pillar Security provides a unified platform to identify, assess, and mitigate security risks across the entire AI lifecycle, offering comprehensive vi
Weights & Biases
Weights & Biases is an AI developer platform that enables companies to build, manage, and deploy AI models with confidence. The company provides a sui
Xeris
Xeris provides complete visibility, control, and enforcement across the entire enterprise AI universe-powered by autonomous Super Agents that govern A
Specialized GRC & Risk (71)
AKA Identity
AKA Identity revolutionizes identity management through data science, data engineering, and agents, serving security and IT organizations with a team
Aleph Alpha
Aleph Alpha develops specialized language models and AI solutions for enterprises and public institutions in Europe, focusing on large language models
Alloy
Alloy is an American financial technology company that provides an identity decisioning and risk management platform used by banks, credit unions, and
Anchore
Anchore provides software supply chain security solutions that automate vulnerability scanning, SBOM management, and compliance enforcement for contai
Asimily
Asimily is the leading top-rated IT, IoT, OT & IoMT exposure management platform enabling Visibility, Vulnerability Prioritization, Risk Mitigation, T
Astrix Security
Astrix secures agent identities with governance, least-privilege access, and full audit trails for AI agents & NHIs, a critical need in the industry.
Beyond Encryption
Beyond Encryption provides secure email and identity solutions to protect sensitive information in every interaction. The company offers Mailock for s
Booli.ai
Booli is the world's first identity-centric SIEM that ties alerts to people, not just events - giving security teams the context they need to act fast
BotCity
BotCity provides enterprise governance for Python and AI at scale, helping global organizations maintain control, security, and compliance across Pyth
Brinqa
Brinqa delivers AI-driven exposure intelligence that unifies cyber risk data, clarifies ownership, and helps enterprises focus on what matters most. I
Censys
Censys empowers security teams with the most comprehensive, accurate, and up-to-date map of the internet to defend attack surfaces and hunt for threat
Classiq
Classiq is the only enterprise-grade Quantum Software Engineering Platform that helps teams build real quantum capability and get results today. Build
Codacy
Codacy governs code quality, security, and AI coding policies from a single place, enabling dev teams to ship safely without slowing down. The company
Echoworx Email Encryption
Echoworx delivers secure email encryption for modern enterprises, providing sovereignty as a service and transforming compliance challenges into compe
Fable Security
Fable Security reimagines human risk management with AI-powered interventions, assessing and mitigating employee security risks through behavioral ana
Filigran
Filigran offers an open-source eXtended Threat Management platform that unifies threat intelligence, security validation, and remediation to help orga
Forescout Technologies
Forescout provides continuous asset visibility, compliance, and network security across IT, OT, and IoT environments through its 4D Platform. The comp
Heimdall Data
Heimdall Data provides performance security intelligence to optimize and secure databases for Fortune 100 companies. The company offers database proxy
Hoxhunt
The Hoxhunt Human Risk Management Platform provides an AI-powered cybersecurity training platform for phishing simulations and security awareness trai
INSSIDE
INSSIDE provides comprehensive cybersecurity services to clients, aligning with industry standards. It offers various services including GRC, Blue Tea
Iru
Iru is an American technology company that develops an enterprise device management and security platform. It provides AI-powered solutions for identi
Jumio
Jumio is an online identity verification company that offers AI-powered identity verification and validation products for mobile and web transactions.
Keepit
Keepit offers cloud data protection services for SaaS applications, providing immutable backup and recovery solutions to ensure business continuity an
Key2XS
Key2XS provides comprehensive access governance solutions for critical organizations, ensuring security, compliance, and operational efficiency throug
KnowBe4
KnowBe4 is a Gartner Magic Quadrant Leader (December 2025) delivering the HRM+ (Human Risk Management) platform combining security awareness training,
Kymatio
Kymatio empowers organizations to detect and manage human cyber risk through its AI-driven platform, providing complete cybersecurity awareness and tr
Linx Security
Linx Security provides an AI-native platform for identity security, visibility, and governance, offering automated identity management, risk analysis,
LuxSci
LuxSci provides secure healthcare communications solutions designed for personalization and hypersegmentation, including HIPAA compliant email, market
Mailjet
Mailjet is a French email marketing platform that provides cloud-based solutions for designing, sending, and tracking both marketing and transactional
Mandiant
Mandiant is a cybersecurity consulting firm that helps organizations transform their cyber defense capabilities through incident response, threat inte
MetaCompliance
MetaCompliance is a human risk management platform that offers security awareness, compliance, policy, and risk analytics solutions to help organisati
NAVEX
NAVEX is a risk and compliance solutions provider helping organizations worldwide simplify compliance and confidently manage risk by connecting its so
NetRise
NetRise provides comprehensive insight into the many risks present in firmware and software components through its automated, cloud-based platform. Th
Nisos
Nisos provides human risk management and digital investigations to help organizations detect, investigate, and mitigate human threats. It offers solut
Nuix
Nuix Ltd is an Australian technology company that produces investigative analytics and intelligence software for extracting knowledge from unstructure
ONEKEY
ONEKEY provides an all-in-one platform for product cybersecurity and compliance, offering automated SBOM management, vulnerability analysis, and compl
One Identity
One Identity is a cybersecurity platform and unified identity security solution that enables organizations to protect their people, applications, and
OpenText (EnCase)
Gold-standard computer forensics platform with 30+ years of courtroom-proven reliability. EnCase collects and analyzes data from 36,000+ device types
Opsin Security
Opsin Security helps enterprises securely deploy and govern AI applications, identifying data exposure risks and providing continuous monitoring to ke
Paubox
Paubox provides HIPAA-compliant email security solutions for healthcare organizations, protecting against advanced threats and ensuring compliance wit
PhishingBox
PhishingBox offers cybersecurity training and phishing simulations to protect against ransomware, malware, mobile threats, and social engineering atta
PreVeil
PreVeil provides end-to-end encrypted email and file sharing solutions for defense and regulated industries, ensuring compliance with CMMC, NIST, ITAR
PricewaterhouseCoopers (PwC)
PricewaterhouseCoopers (PwC) is a multinational professional services network that provides audit and assurance, consulting, and tax services to clien
PsyberCog Labs
PsyberCog Labs specializes in developing AI-powered risk assessment and resilience solutions that transform human risk into measurable resilience for
Qanapi
Qanapi provides quantum-resistant security solutions to protect companies' data. The company offers an encryption API that helps teams meet compliance
Qualys
Qualys, Inc. is an American technology firm specializing in cloud security, compliance, and related services, with over 10,300 customers worldwide. Th
Ray Security
Ray Security is a predictive data security platform that reduces data risk by over 90% through its proprietary engine and dynamic protection implement
Right-Hand Cybersecurity
Right-Hand Cybersecurity offers an AI-powered platform for security awareness and human risk management, providing automated social engineering simula
SMARTFENSE
SMARTFENSE offers cybersecurity solutions for risk management, culture development, and regulatory compliance. The company specializes in social engin
SailPoint Technologies
SailPoint Technologies, Inc is a leader in identity security, providing a unified platform to secure every identity. The company offers adaptive ident
Sardine
Sardine's AI platform is at the core of enterprise risk and fraud workflows, allowing them to consolidate vendors and improve operational efficiency.
Sath
Sath's flagship product IDHub is an Identity and Access Management solution that safeguards sensitive data, prevents unauthorized access, and maintain
SecuMailer
SecuMailer offers secure and encrypted email solutions for individuals and businesses, protecting sensitive communications with GDPR-compliance. The c
SecurEnds
SecurEnds provides cloud-based identity security solutions for forward-thinking companies to automate user access reviews, entitlement audits, and com
Sepio
Sepio Zero Trust Hardware Security enhances network security by seeing, assessing, and mitigating risk across all known and shadow IT assets. The comp
Stamus Networks
Uncover hidden threats and respond confidently with Clear NDR by Stamus Networks. The platform provides clear visibility, multi-layer detection, and a
Tego AI
Tego AI provides complete visibility and control over AI agents in your enterprise. Discover, govern, and monitor all AI agents with our agentic secur
ThreatConnect
ThreatConnect provides a threat intelligence platform that enables companies to aggregate and act upon threat intelligence for network defense. The co
Todyl
Todyl empowers businesses with innovative cybersecurity modules that consolidate comprehensive security into a quick-to-deploy, single-agent platform.
Upwind
Upwind secures cloud deployments and applications through real-time visibility from the inside out, providing live maps of network and application top
Utimaco
Utimaco is a company active in the sector of cybersecurity and compliance solutions with headquarters in Aachen, Germany, and Campbell, California, US
Vade Secure
Vade Secure is a global leader in AI-powered email security, protecting over 1.4 billion mailboxes worldwide with its advanced solutions for Microsoft
Veriff
Veriff is a global identity verification service company that provides AI-powered identity verification solutions for online businesses to mitigate fr
Virtru
Virtru is a global data encryption and digital privacy provider founded in 2012. The company delivers end-to-end encryption and access control for ema
Wolters Kluwer
Wolters Kluwer provides information, software, and services for professionals in various industries, including law, business, tax, accounting, finance
eMudhra
eMudhra Limited is a digital security company that provides SSL certificates and PKI platforms for enterprises. The company offers streamlined digital
enclaive.io
enclaive offers confidential cloud computing solutions that enable secure processing and storage of sensitive data in the cloud. The company provides
env0
env0 enables enterprises to deliver infrastructure up to 10x faster without losing control through its cloud governance platform, providing features s
sirar by stc
sirar by stc is a cutting-edge cybersecurity provider that empowers organizations to take control of their cyber capabilities and digital environments
usecure
usecure is an automated human risk management platform that helps MSPs and IT teams reduce cyber risk, prove compliance, and save time with security a
xorlab
xorlab provides advanced email security solutions built on AI-powered technology to defend against sophisticated phishing attacks and protect organiza