Keyed GRC is the cross-framework compliance program tracker built around one internal taxonomy. Map SOC 2, HIPAA, NIST AI RMF, and ISO 42001 controls into a single drillable view. Bring your own ticketing, document management, IdP, and notification stack — or use ours.
Every asset, vendor, person, policy, risk, and evidence artifact is defined once as a canonical record and referenced everywhere: diagrams, controls, traceability matrix, reports, trust portal. Rename an asset and every diagram updates.
38 subcategories under 6 Keyed categories. Every framework control maps to one or more subcategories — auditors see their framework, you operate the union.
LLM automapper, evidence auto-tagging, vendor risk auto-tier, AI Systems catalog (ISO 42001 / NIST AI RMF). Every AI call cost-tracked + budget-enforceable.
Bring your ticketing (Jira / ServiceNow / Leantime), document management (Drive / SharePoint / S3), identity (Google / Okta / Keycloak), or use the Keyed defaults.
Bidirectional sync brings external GRC platforms into the same canonical view. Use Keyed GRC alongside what you have, or as the spine.
DFD, threat model, RBAC, network, system architecture, AI map — all live views over the asset graph. No more diagrams drifting from reality.
Polymorphic evidence attaches to controls, assets, risks, policies, vendors. Auto-collected freshness state. Storage abstracted: link, Drive, or Keyed-managed S3 with per-tenant region.
SOC 2, HIPAA, NIST AI RMF, ISO 42001 ship with full control catalogs. Add tenant-custom controls or pull external frameworks from Drata.
Wire up your ticketing, document store, and identity provider — or use the hosted defaults. Per-tenant data residency declared up front.
Evidence collection, vendor reviews, risk register, findings + CAPA, audit cycles, trust portal, reporting + calendar. Same model under every view.
Keyed GRC is currently rolled out to selected engagements through Keyed Systems' consulting practice. Sign in if you have an invite, or request access to learn how it could fit your program.