System Modules

GRC ONE is an integrated, flexible solution that allows you to select the modules that you require. Each module comprises a register with underlying supplementary information which allows each register entry to be linked with other entries throughout the system.

Furthermore, each module can then be customised to suit different clients both in terms of the layout as well as which fields to display and what their labels should be.

Risks & Threats

The ‘core’ risks and underlying threats to your business, together with supporting information such as your risk ‘appetite’, any financial exposures and impact and likelihood scores.

Controls & Recovery Measures

A register of mitigating controls and the required measures put in place to recover from any event, plus the underlying individual processes within both of these.

Metrics & Thresholds

The various ‘Key Performance Indicators’ or thresholds you wish to set and record for your risks, controls, incidents, financial records, etc. in order to monitor your operational resilience.

Incidents & Breaches

The various incidents and breaches that may occur within your organisation and which may need recording.

Data Requests

The records of requests for information, and attendant details, from clients, vendors, employees, etc. under GDPR, Freedom of Information and other requests.

Actions & Tasks

The various actions and underlying tasks required from members of staff in relation to your risk environment.  In addition, email alerts are sent to these people, as well as reminders, if required.


A record of all your tangible and intangible assets and underlying components that you wish to maintain.

Documents & Files

A library of supporting documentation which may be either uploaded to the system or linked to their location on external servers.

Certifications & Training

A library of the various training courses available to your firm, the records of your employees’ training as well as details of their certifications as may be required by your organisation or regulators, etc.

Assessments & Checklists

A variety of assessments, checklists and attestations that can be created, customised and then completed within the system by your organisation.


In addition, common features throughout the system include:

  • Calendars Day-by-day indication of relevant events that affect the user;
  • Email notifications Alerts to appropriate user(s) when key entries are added, amended or deleted;
  • Customised weblinks Facility to add extra menu functions which may be either links to useful websites or links to other applications;
  • Audit trails Records of all changes to the various entries in the system;
  • Imports & exports Facilities to import data, say for implementation data ‘take on’, or to export data for use in other applications, e.g. reporting tools; and
  • APIs Defined ‘Application Programming Interfaces’ to enable the system to be integrated with other applications.