Six Core Modules, One Platform
Everything you need to manage governance, risk, and compliance without juggling spreadsheets and consultants.
Compliance Frameworks
Pre-built templates for ISO 27001, NIS2, GDPR, Cyber Essentials, SOC2 and more. Map controls across frameworks to eliminate duplicate work.
Risk Register
Identify, assess, and mitigate risks with a visual heat map. Link risks to controls and track treatment plans with automated reminders.
Policy Manager
Template library of 30+ policies ready to customise. Version control, approval workflows, and employee acknowledgement tracking.
Vendor Risk Management
Assess third-party risk with automated questionnaires. Track vendor compliance status and contract renewal dates in one place.
Incident Management
Log, triage, and investigate security incidents. Built-in 72-hour notification timer for GDPR/NIS2 breach reporting obligations.
Security Training
Assign training modules to staff. Track completion rates and send automated reminders. Covers phishing awareness, data handling, and more.
Built for UK & EU Compliance
Not a US platform adapted for Europe — designed from the ground up for UK and EU regulatory requirements.
Built for UK Compliance
Designed around UK GDPR, ICO guidance, and NCSC frameworks
NCSC Aligned
Controls mapped to NCSC Cyber Assessment Framework (CAF)
ICO Registered
SummitBridge Horizon is registered with the Information Commissioner's Office
ISO 27001 Mapped
Full Annex A control mapping with evidence management
Frequently Asked Questions
Which compliance frameworks are supported?
GRC Lite includes pre-built frameworks for ISO 27001:2022, NIS2, GDPR/UK GDPR, Cyber Essentials, SOC2, PCI DSS, and DORA. Custom frameworks can be added on request.
Can I map controls across multiple frameworks?
Yes. Our cross-mapping feature lets you satisfy controls once and apply evidence across multiple frameworks. For example, an access control policy can satisfy requirements in ISO 27001, NIS2, and Cyber Essentials simultaneously.
Is this suitable for pre-audit preparation?
Absolutely. GRC Lite generates audit-ready evidence packs, gap analysis reports, and a Statement of Applicability for ISO 27001. Many customers use it to prepare for external audits.
How does pricing compare to hiring a GRC consultant?
A typical GRC consultant costs £800-1,500/day. Most ISO 27001 implementations require 15-30 consultant days (£12,000-45,000). GRC Lite gives you the same framework structure and guidance for £2,388/year.
Can multiple team members collaborate?
Yes. GRC Lite supports unlimited users with role-based access control. Assign control owners, reviewers, and approvers across your team.
🔒 Data processing & privacy
Your data is processed in EU/UK. AI generation runs via Anthropic Claude (EU region). Your data is not used to train models. See the Sub-Processors list and Privacy Policy.
✅ 14-day money-back guarantee
Not satisfied? Request a full refund within 14 days of purchase. See the Refund Policy for details and limits.
💬 Support — 24h response SLA
Reach us at [email protected]. Response within 24 business hours. Critical issues: 4 hours. Channels: email + Help Centre.
🏠 Customer portal & data export
After purchase, access deliverables, invoices, and account settings at /portal/dashboard. Cancel any time; data export available on request.
⚠️ Important — For Information Only, Not Regulatory Advice
This product is provided for information and compliance documentation purposes only. It is not regulatory advice, legal interpretation, or a substitute for direct regulator engagement. SummitBridge Horizon Ltd is not a regulator and does not file notifications, breach reports, or registrations with any regulator (including ICO, NCSC, ENISA, BSI, HMRC, FCA, NCA) on your behalf. For specific regulator interpretations, audit outcomes, or legal exposure, you must consult a qualified professional and/or the relevant regulator directly.
SummitBridge Horizon Ltd · Companies House 16419201 · ICO ZC112810 · Registered in England & Wales