Automated GRC Software to Simplify Managing IT Compliance Regulations
Reduce the risk, complexity and costs associated with your InfoSec and IT compliance programs. Compliance Manager GRC software helps you manage any government regulation, industry standard or internal IT policy in one automated tool.
Simplify Governance, Risk Management and Compliance (GRC) for Any Organization
Compliance Manager GRC helps you identify which IT security requirements your organization should be following to stay compliant with any government or industry standard, and to reduce the risk of a data breach.
Automate your IT compliance management
Save time and effort by automating a wide range of compliance assessment and management tasks. Easily collect data on users, computers and networks to validate compliance assumptions. Automatically show progress against the standards you are tracking.
Customize governance and compliance management to your needs
Manage multiple compliance standards at the same time in one centralized platform. Work from built-in compliance templates that you can modify or build your own standards from scratch with your specific controls and procedures.
Deliver dynamic reports and documentation
Eliminate fire drills by automatically generating comprehensive evidence of compliance in the event of an audit. Instantly produce up-to-date policies and procedures manuals, risk analysis reports, plans of action and supporting documents.
Continuous Compliance Monitoring
Compliance doesn’t stop at an audit — it’s an ongoing process. The Compliance Monitor feature continuously scans, assesses and monitors Microsoft Windows device configurations to determine whether the endpoints are configured to meet the Center for Internet Security (CIS) Benchmark configurations and selected IT Security Framework and Regulatory standards.
Manage Risk With Confidence
Risk Manager provides a centralized view of IT security, data security and compliance risks. It allows users to assign risk priorities, develop responses and create treatment plans to streamline the risk management process and address security and compliance lapses more efficiently. This feature empowers IT and security teams to make informed decisions faster while ensuring regulatory compliance and security best practices.
See How Compliance Manager GRC Works
Ensure compliance with IT requirements mandated by government laws and regulations, industry standards, vendor contacts and cyber insurance policies. Be ready with documented proof of compliance in the event of a forensic investigation or lawsuit following a breach.
Compliance Manager GRC keeps track of all your IT requirements, highlights issues and gaps that need your attention, and makes it easy to generate the reports and evidence of compliance whenever you need it.
Take interactive tourIT Security Assurance and Compliance Features
Compliance Manager GRC gives you a simple workflow process to keep track of all your IT requirements, regardless of source. Even if you are not regulated by a government or industry standard, you can still keep track of your own IT security and privacy requirements. With Compliance Manager GRC you can make sure you're doing the right things and doing them right.
Compliance Monitor
Continuously scan, assess and monitor Microsoft Windows device configurations to determine whether the endpoints are configured to meet the Center for Internet Security (CIS) Benchmark configurations and selected IT Security Framework and Regulatory standards.
Risk Manager
Get a centralized view of IT security, data security and compliance risks with a dynamic, actionable dashboard. This feature empowers IT and security teams to make informed decisions faster while ensuring regulatory compliance and security best practices.
Supports all major standards and frameworks
Assess your compliance for the most common standards such as NIST CSF, HIPAA, PCI, CMMC, SOC 2, GDPR and many more. See All Standards Here.
Fully automated process management
Automatically collect data, generate risk assessments, create dynamic plans of action and produce evidence of compliance.
Third party vendor assessments
Easily manage the compliance requirements of your vendors with a built-in self-service portal. Make it easy for third parties to complete assessments against any standards you pick.
Built-in end user training, tracking and reporting
Train and test users on IT security awareness to reduce risk. Track and report on user training participation and attestation to policy documents.
Role-based architecture
Share the workload and responsibility of meeting specific requirements with the appropriate subject-matter experts.
Customizable libraries of controls and requirements
Large libraries of controls and requirements are included. You can easily modify them to create your own standards.
Tracks common controls across multiple standards
Eliminate duplication of effort managing the same control for multiple requirements in different standards.
Workflow integration with other Kaseya products
Automatically collect evidence from other software tools through seamless workflow automation.
Improve Your IT Compliance Processes With the Right Software
With the growing importance of GRC, it is vital to implement the right tool for your organization. In this buyer's guide, learn about the essential features to look for to manage the IT security standards you are tasked with supporting.
Download Now
Automated IT Compliance Reports
Compliance Manager GRC makes it easy to document your work with brandable and customizable reports. Select the documentation you need from an extensive library of templates.
Risk assessment reports
Quickly generate reports for any baseline assessment, controls assessment or requirements assessment.
Policies and procedures
Generate standard-specific policies and procedures manuals that you can customize based on how you work.
Supporting documents
Data-driven worksheets, check lists, inventories and other documents are automatically created during the assessment process.
Specialty reports
Specialty reports that are unique to a specific government regulation or industry standards are included.
Our Ongoing Innovation in IT Compliance
UK Cyber Essentials v3.2
Compliance Manager GRC now supports the new UK National Cyber Security Centre Cyber Essentials v3.2 security requirements that went into effect on April 28, 2025. The new Compliance Manager GRC standard simplifies Cyber Essentials compliance for IT professionals and MSPs, making it easy to understand requirements, conduct assessments and manage ongoing IT security needs.
Released June 5, 2025
Risk Manager
The new Risk Manager feature, now included as part of Compliance Manager GRC, centralizes, streamlines and automates risk management to save time, decrease costs and reduce risk. After using Compliance Manager GRC to perform an organization's technical review and compliance assessments, Risk Manager will give organization stakeholders a centralized view of identified IT security, data security and compliance risks. Risk Manager automates the risk management process to enable organization stakeholders to assign risk priorities and risk responses and create treatment plans to address lapses in IT security and regulatory compliance in less time.
Released February 27, 2025
Compliance Monitor
The new Compliance Monitor feature reduces risks and streamlines compliance by seamlessly monitoring PC configurations in accordance with leading cybersecurity frameworks and regulatory requirements. This new feature in Compliance Manager GRC provides automated continuous monitoring, compliance readiness tracking, verification of policy configuration settings and provides remediation guidance. Compliance Monitor aligns CIS Benchmarks with frameworks like CMMC, HIPAA, Essential 8, NIST CSF, NIST 800-171, ISO 27001, UK Cyber Essentials, and many other IT security and regulatory requirements.
Released February 27, 2025
PCI DSS - SAQ SPoC
Compliance Manager GRC now supports the PCI DSS - SAQ SPoC Standard. Businesses using off-the-shelf mobile devices with a secure card reader that is part of a PCI SSC-validated SPoC solution are required to periodically complete the PCI DSS Self-Assessment Questionnaire Software-based PIN entry on COTS (SAQ SPoC). This new Compliance Manager GRC standard makes it easy for IT professionals and MSPs to navigate the PCI DSS - SAQ SPoC security requirements to perform assessments and manage ongoing IT security compliance needs.
Released December 5, 2024
CIS Controls v8.1
Compliance Manager GRC now supports the new CIS Controls v8.1, published by the Center for Internet Security (CIS) on June 25, 2024. This new Compliance Manager GRC standard makes it easy for IT professionals and MSPs to navigate the latest CIS Controls v8.1 security requirements for CIS Control Implementation Groups IG1, IG2 and IG3, to perform assessments and manage ongoing IT security compliance needs.
Released November 28, 2024
EU NIS2 Directive
Compliance Manager GRC now supports the European Union (EU) NIS2 Directive Regulatory Standard. This new Compliance Manager GRC standard enables IT professionals and MSPs to easily navigate the EU NIS2 Directive requirements and controls in their effort to perform readiness assessments for businesses that must implement the cybersecurity measures specified in the EU NIS2 Directive regulations.
Released September 12, 2024
PCI DSS - SAQ P2PE
Compliance Manager GRC now supports the PCI DSS - SAQ P2PE Standard. Businesses that use Point-to-Point Encryption (P2PE) solutions to secure credit card data during transactions are required to periodically complete the PCI DSS Self-Assessment Questionnaire Point-to-Point Encryption (SAQ P2PE). This new Compliance Manager GRC standard makes it easy for IT professionals and MSPs to navigate the PCI DSS - SAQ P2PE security requirements, perform assessments and manage ongoing IT security compliance needs.
Released August 14, 2024
Essential 8 Maturity Level 2
Compliance Manager GRC now supports the new Essential 8 Maturity Level 2 IT security requirements published by the Australian Signals Directorate in November 2023. This updated Compliance Manager GRC standard includes references to the Australian Signals Directorate's Information Security Manual (ISM) controls and associated Australian Cyber Security Centre guidance to make it easy for IT professionals and MSPs to perform assessments and manage ongoing IT security compliance needs based on the use of the Essential 8 security safeguards.
Released June 20, 2024
ISO 27002:2022
Compliance Manager GRC now supports the ISO 27002 Standard. The new Compliance Manager GRC standard enables IT professionals and MSPs to easily navigate the ISO 27002 controls in their effort to perform readiness assessments for businesses that utilize the ISO 27001 - Annex A security controls necessary to implement their information security management system based on ISO 27001.
Released June 6, 2024
NIST Cybersecurity Framework 2.0
Compliance Manager GRC now supports the new NIST Cybersecurity Framework (CSF) 2.0 published by NIST on February 26, 2024. This new Compliance Manager GRC standard makes it easy for IT professionals and MSPs to navigate the new NIST CSF 2.0 security requirements to perform assessments and manage ongoing IT security compliance needs.
Released April 25, 2024
GCC High Azure AD Scan
The new GCC High Microsoft Entra ID (formerly Azure AD) Scan in Compliance Manager GRC is designed to probe the Microsoft government cloud, which is a dedicated environment in Microsoft Azure tailored for U.S. federal, state, local, and tribal governments, as well as contractors managing sensitive data like CUI and ITAR data.
Released November 16, 2023
Kaseya Cybersecurity Fundamentals Standard
The Kaseya Cybersecurity Fundamentals is a streamlined framework tailored for swift implementation using Compliance Manager GRC. This entry-level standard is inspired by the NIST Cybersecurity Framework's core principles, while harnessing the full power of Compliance Manager GRC's automated data collection features.
Released July 27, 2023
AICPA - SOC 2 Standard
Compliance Manager GRC supports the AICPA Trust Services Criteria for SOC 2. The software includes a built-in IT compliance process template for SOC 2 that dramatically streamlines the collection of documentation neccessary for a SOC 2 examination.
Released June 29, 2023
POPIA Condition 7 Security Safeguards
Compliance Manager GRC now supports South Africa's national consumer protection standard -- The Protection of Personal Information Act (POPIA). It includes all of the IT security requirements as detailed in Condition 7 of the law, making it easy for IT professionals and MSPs to achieve compliance.
Released June 29, 2023
DATTO Workplace PII Data Feed
Through a seamless workflow automation, sensitive information stored in Datto Workplace is identified and incorporated into Compliance Manager GRC's Sensitive Data Assessment reports and worksheets. Data collected includes the type of sensitive data discovered, permissions, file locations, and more.
Released June 23, 2023
