ScaleMind AI
RiskZero Compliance Platform Announcement

Announcing: RiskZero - The Complete Compliance Management Platform

24 December 2025
ScaleMind AI
Introducing RiskZero: A modern, AI-powered compliance management platform for audits and certifications. Eliminate spreadsheet chaos with automated monitoring, vendor risk intelligence, and continuous compliance.

Introducing RiskZero: Compliance Made Simple. Security Made Visible.

We're thrilled to announce RiskZero, a modern, AI-powered compliance management platform designed for organisations seeking to achieve and maintain certifications and internal audits. RiskZero consolidates registers, policies, vendor risk, evidence management, and real-time monitoring into a single, elegant interface—eliminating the chaos of spreadsheets, disconnected tools, and manual audit preparation.

The Problem with Traditional Compliance

Traditional compliance management is fragmented, manual, and time-consuming. Teams struggle with spreadsheets everywhere, manual evidence collection that takes hours, policy drafting from scratch, vendor risk blind spots, and auditor back-and-forth emails. Worst of all, compliance checks only happen at specific points in time, leaving organisations vulnerable between audits.

The RiskZero Solution

RiskZero transforms compliance from a burden into a competitive advantage. Built for security teams, compliance officers, and IT leaders, RiskZero streamlines every aspect of your compliance journey—from initial gap analysis to ongoing continuous compliance.

Core Features

Dynamic Compliance Registers

Create, customise, and manage any compliance register you need. Get started instantly with pre-built ISO templates including Incident Response Register, Internal Asset Register, Vendor/Supplier Management Register, and Ethical Impact Assessment Register. Or design your own registers with flexible field types. Track items through a clear lifecycle from Open to Compliant, categorise by risk level, schedule review cycles, and attach evidence directly to entries. Every action is immutably logged with full audit trail capabilities.

Vendor Risk Management

Third-party vendors are one of the biggest sources of compliance risk. RiskZero gives you complete visibility with a comprehensive vendor registry, subprocessor mapping, and automated OSINT scanning that continuously monitors global news and security feeds for threats affecting your vendors. View all active alerts in one place, track vendor uptime, and let AI generate comprehensive risk assessments considering the vendor's role, data sensitivity, and recent alerts.

AI Policy Management

Generate draft policies tailored to your company using our GPT-4 powered engine, saving hours of drafting time. Track policy versions with complete change history, link policies to compliance controls, track employee acknowledgements, and view adoption statistics. All policies are indexed in the Knowledge Base for instant AI-powered search.

Knowledge Base & Compliance Oracle

All your compliance documentation in one searchable repository. Organise documents with custom tags, ask natural language questions and get instant answers grounded in your documents, control auditor access to specific folders, and benefit from auto-synced registers and evidence records.

Vendor Security Questionnaires

The Compliance Oracle can automatically draft answers to security questionnaire questions based on your indexed documentation, complete with confidence scores and source citations. Review answers before finalising, create custom questionnaires with AI-suggested questions, and track by vendor and due date.

Infrastructure Integrations

Connect your infrastructure and tools for automated evidence collection and real-time monitoring. Supported integrations include GitHub, AWS, Azure AD, Google Cloud, Jira, Confluence, Outlook/Microsoft 365, and Bolt Database. Visualise your entire technology stack in a dynamic, interactive infrastructure graph.

Compliance Monitors

Automate compliance checks and remove the guesswork from audits. Define controls tied to integrations and RiskZero will continuously check and report compliance status. Each control run generates timestamped evidence records that can be presented to auditors. When a control fails, get clear, actionable steps to fix the issue.

Risk Intelligence & Analytics

Understand your compliance posture at a glance with powerful dashboards. Visualise risk distribution by severity, see which registers contain the most risk, get a focused list of high and critical-risk items requiring attention, view your overall compliance score, and export professional Risk Intelligence Reports to PDF for leadership or auditors.

Audit Support

Prepare for audits with confidence. Invite external auditors with dedicated read-only access, track evidence requests with automatic completion notifications, and provide auditors with a complete, tamper-proof immutable audit log of every action in the system.

Public Trust Center

Build trust with customers and prospects before they even ask. Publish a branded, public-facing page showcasing your compliance certifications, security practices, and control status. Toggle which certifications you want to display and link to publicly shareable documents like pen-test summaries or compliance certificates.

Built for Scale and Security

Team Management & Multi-Tenancy

Collaborate securely with role-based access control for Admins, Members, and Auditors. Invite team members via email, track pending invitations, and benefit from organisation-level data isolation with strict row-level security policies ensuring data segregation.

Progressive Web App

Access RiskZero anywhere, anytime. Install on any device for a native app-like experience with offline support and upcoming push notifications for critical compliance events.

Enterprise-Grade Security

Built on Bolt Database with enterprise-grade database security, authentication, and real-time features. Row-level security ensures users can only access their organisation's data. OAuth sign-in is supported for Google and GitHub, and strict Content Security Policy headers protect against XSS and injection attacks.

Who Is RiskZero For?

  • Startups preparing for their first ISO 27001 certification
  • Scale-ups needing to formalise compliance as they grow
  • Regulated Industries requiring ongoing evidence and audit readiness
  • AI Companies navigating the new ISO 42001 requirements
  • Compliance Consultants managing multiple client engagements

Technology Stack

RiskZero is built with cutting-edge technology: Next.js 14 with React and TypeScript on the frontend, styled with Tailwind CSS and DaisyUI. The backend is powered by Bolt Database (PostgreSQL, Auth, Storage, Realtime), with AI capabilities provided by OpenAI GPT-4. The platform can be hosted on Netlify or Vercel, with visualisations powered by Recharts and icons from Heroicons.

Getting Started

Getting started with RiskZero is simple:

  1. Sign up and set up your organisation
  2. Create registers using templates or build custom ones
  3. Connect integrations like GitHub, AWS, and other tools
  4. Upload policies or generate new ones with AI
  5. Invite your team and auditors
  6. Run monitors to start collecting evidence automatically
  7. Prepare for audit using the Knowledge Base, Audit Log, and Risk Analytics

The RiskZero Difference

Traditional Approach

  • Spreadsheets everywhere
  • Manual evidence collection
  • Hours drafting policies
  • Vendor risk black box
  • Auditor back-and-forth emails
  • Point-in-time compliance

RiskZero

  • Unified, searchable platform
  • Automated, timestamped evidence
  • AI-generated drafts in seconds
  • Real-time threat intelligence
  • Self-serve Auditor Portal
  • Continuous compliance monitoring

RiskZero — Compliance Made Simple. Security Made Visible.

Ready to transform your compliance journey? Contact us today to learn more about RiskZero and schedule a demo.