Skip to main content
GRC Platform

Complete GRC Platform for Growing Businesses

ISO 27001, NIS2, GDPR, Cyber Essentials — all in one dashboard. Enterprise-grade governance without the enterprise price tag.

From £199/month · 14-day money-back guarantee

Six Core Modules, One Platform

Everything you need to manage governance, risk, and compliance without juggling spreadsheets and consultants.

Compliance Frameworks

Pre-built templates for ISO 27001, NIS2, GDPR, Cyber Essentials, SOC2 and more. Map controls across frameworks to eliminate duplicate work.

Risk Register

Identify, assess, and mitigate risks with a visual heat map. Link risks to controls and track treatment plans with automated reminders.

Policy Manager

Template library of 30+ policies ready to customise. Version control, approval workflows, and employee acknowledgement tracking.

Vendor Risk Management

Assess third-party risk with automated questionnaires. Track vendor compliance status and contract renewal dates in one place.

Incident Management

Log, triage, and investigate security incidents. Built-in 72-hour notification timer for GDPR/NIS2 breach reporting obligations.

Security Training

Assign training modules to staff. Track completion rates and send automated reminders. Covers phishing awareness, data handling, and more.

Enterprise GRC at a Fraction of the Cost

UK-focused. Listed price. No sales-call gate.

LISTED PRICE

SBH GRC Lite

£2,388/year

£199/month

UK-focused, full GRC suite. Enterprise GRC platforms typically charge several times more and gate pricing behind sales calls.

Built for UK & EU Compliance

Not a US platform adapted for Europe — designed from the ground up for UK and EU regulatory requirements.

Built for UK Compliance

Designed around UK GDPR, ICO guidance, and NCSC frameworks

NCSC Aligned

Controls mapped to NCSC Cyber Assessment Framework (CAF)

ICO Registered

SummitBridge Horizon is registered with the Information Commissioner's Office

ISO 27001 Mapped

Full Annex A control mapping with evidence management

Frequently Asked Questions

Which compliance frameworks are supported?

GRC Lite includes pre-built frameworks for ISO 27001:2022, NIS2, GDPR/UK GDPR, Cyber Essentials, SOC2, PCI DSS, and DORA. Custom frameworks can be added on request.

Can I map controls across multiple frameworks?

Yes. Our cross-mapping feature lets you satisfy controls once and apply evidence across multiple frameworks. For example, an access control policy can satisfy requirements in ISO 27001, NIS2, and Cyber Essentials simultaneously.

Is this suitable for pre-audit preparation?

Absolutely. GRC Lite generates audit-ready evidence packs, gap analysis reports, and a Statement of Applicability for ISO 27001. Many customers use it to prepare for external audits.

How does pricing compare to hiring a GRC consultant?

A typical GRC consultant costs £800-1,500/day. Most ISO 27001 implementations require 15-30 consultant days (£12,000-45,000). GRC Lite gives you the same framework structure and guidance for £2,388/year.

Can multiple team members collaborate?

Yes. GRC Lite supports unlimited users with role-based access control. Assign control owners, reviewers, and approvers across your team.

Get Started Today

Get your GRC programme up and running in hours, not months. Full access for 14 days, backed by our money-back guarantee.

14-day money-back guarantee Money-back guarantee Cancel anytime

🔒 Data processing & privacy

Your data is processed in EU/UK. AI generation runs via Anthropic Claude (EU region). Your data is not used to train models. See the Sub-Processors list and Privacy Policy.

✅ 14-day money-back guarantee

Not satisfied? Request a full refund within 14 days of purchase. See the Refund Policy for details and limits.

💬 Support — 24h response SLA

Reach us at [email protected]. Response within 24 business hours. Critical issues: 4 hours. Channels: email + Help Centre.

🏠 Customer portal & data export

After purchase, access deliverables, invoices, and account settings at /portal/dashboard. Cancel any time; data export available on request.

⚠️ Important — For Information Only, Not Regulatory Advice

This product is provided for information and compliance documentation purposes only. It is not regulatory advice, legal interpretation, or a substitute for direct regulator engagement. SummitBridge Horizon Ltd is not a regulator and does not file notifications, breach reports, or registrations with any regulator (including ICO, NCSC, ENISA, BSI, HMRC, FCA, NCA) on your behalf. For specific regulator interpretations, audit outcomes, or legal exposure, you must consult a qualified professional and/or the relevant regulator directly.

SummitBridge Horizon Ltd · Companies House 16419201 · ICO ZC112810 · Registered in England & Wales