Posted inSolutions

GRC tools

A comprehensive, searchable list of GRC tools, compiled from multiple reliable sources. Hopefully you will find it useful and will make your search easier.

While building this list, my focus has been on collecting tools that cater specifically to security professionals. So you will find that many tools that cater to Enterprise Risk or Compliance are missing. I plan to handle that in a future update.

Many thanks to Ivan Gokin, who contributed to the December 2025 update by compiling a number of products that were missing from the initial list and for alerting me to the Gartner 2025 Magic Quadrant!

Notables

These are some tools which I personally don’t see them as pure GRC products but they are useful to GRC professionals (GRC-adjacent) or are mentioned in some analyst reports:

  • Cyber Security Evaluation Tool (CSET) – tool developed by CISA to help organizations assess their cybersecurity posture and make a threat-based priority list.
  • Databee – a “security data fabric” … kind of like Snowflake for Governance, Risk, and Compliance (GRC). Listed as a Major Player in DC MarketScape: Worldwide Governance, Risk, and Compliance Software Vendor Assessment, 2025.
  • Tanium – an endpoint management tool but is listed as a Major Player in DC MarketScape: Worldwide Governance, Risk, and Compliance Software Vendor Assessment, 2025.

From 25 to Over 80 Tools—and Counting!

When I first started this project, I had no idea how big the market was. I never expected it to go beyond 25. But my first version ended up having a whopping 58 entries —and it’s still growing!

Analyst Reports reference

To further enhance the list, I’ve also included classifications from leading industry reports, like:

  • Gartner’s Magic Quadrant for IT Risk Management (2020)
  • Gartner’s Magic Quadrant for Governance, Risk and Compliance Tools, Assurance Leaders 2025
  • Forrester’s Wave Q4 2023 Report
  • Chartis Research’s RiskTech Quadrant for EGRC (2024)

These reports provide critical insights into the positioning of various GRC tools, offering expert perspectives to guide your decision-making.

Note: All copyrights are owned by the respective companies.

Downloading the list

The entire list is hosted on Airtable and you can download it using the Download CSV option.

Download the full GRC tools list by clicking ‘Download CSV’

Bonus Resource: G2.com

If you’re looking for an even more extensive database, I highly recommend checking out G2.com’s GRC section: G2 GRC Tools Categories

It offers an in-depth breakdown of the GRC landscape, categorizing solutions into areas like Audit Management, Enterprise Risk Management, Operational Risk Management etc.

One great feature is the interactive G2 Grid on the site, which ranks the solutions by market presence and customer satisfaction.

If you click on “View Full Grid” you get a larger grid where you can filter the information based on “Live” or “Trending” tools.

Enjoy !