AI-Powered Assessments.
Complete GRC Platform.
AI-driven assessment modules for vendor risk, agreement review, privacy impact, compliance, and AI governance — plus the full GRC toolkit: risk registers with financial quantification, controls with continuous monitoring, incidents, assets, data governance, audit management, and regulatory intelligence. 20 pre-built integrations with enterprise security platforms.
How It Works
Connect your data, run AI-powered assessments, and let the platform continuously monitor, alert, and report across your entire GRC landscape.
Connect
Integrate existing tools, import data, and connect identity providers. The platform ingests your documents, vendor data, and policies.
Assess with AI
Run AI-powered assessments — vendor risk scoring, clause-by-clause agreement review, privacy impact analysis, and compliance gap detection. Each module is purpose-built for its domain.
Review & Act
AI surfaces gaps, scores risk, and recommends actions. Your team reviews by exception — bulk-accept high-confidence findings, focus time on what matters.
Monitor & Report
Continuous monitoring — deadline alerts, obligation tracking, compliance drift detection, risk appetite breaches, and board-ready executive briefings generated automatically.
AI Assessment Modules + Complete GRC Toolkit
Six AI-powered assessment modules covering key enterprise use cases, backed by a full suite of GRC functions with financial risk quantification, continuous monitoring, and 20 enterprise integrations.
AI-Powered Assessment Modules
Vendor Risk Assessment
TPRA: AI scores vendor responses, analyses evidence, identifies gaps, and recommends remediation. Inherent/residual risk matrices, maturity scoring, mandatory risk requirements, and vendor qualification workflows.
Privacy Impact Assessment
PIA: AI-driven privacy impact assessments with multi-jurisdiction support (Privacy Act, GDPR, CCPA). Data flow mapping, cross-border transfer tracking, and principle-based compliance scoring.
Agreement Assessment
CLM: AI reviews vendor agreements clause-by-clause, grades risk A-F, and generates redline summaries. Clause library, vendor negotiation portal, custom workflows, and automatic obligation extraction with calendar tracking.
Compliance Management
CM: AI maps controls to frameworks, tracks compliance status, identifies drift, and automates evidence collection. Supports ISO 27001, SOC 2, NIST, Essential Eight, CPS 234, GDPR, and custom frameworks.
AI Governance & EU AI Act
AIG: Full AI system lifecycle governance: AI registry with EU AI Act risk classification, AI impact assessments, conformity assessment workflows, use case intake for business users, GenAI acceptable use policies, ISO 42001 compliance, and auto-generated Annex IV technical documentation.
Regulatory Change Intelligence
RCI: AI-powered monitoring of regulatory sources worldwide. Automatically detects changes to laws, regulations, and standards, assesses impact on your compliance posture, and recommends actions. Monitors NIST, EU AI Act, APRA, ISO, Privacy Acts, and more.
GRC Core Functions
Risk Register
RR: Risk registers with CRQ (Cyber-Risk Quantification), annualised loss expectancy, cost-benefit analysis, financial heat maps, and board-ready PDF reports. Cross-module intelligence: risks auto-created from all assessment modules.
Controls
CTL: Control library with continuous monitoring (scheduled + event-driven real-time), health scoring, evidence freshness tracking, auto-propagation to compliance frameworks. "Assess once, comply with many" framework mapping.
Incidents
INC: Incident capture, triage, and resolution with automated escalation workflows, timeline tracking, root cause analysis, and affected party management.
Assets
AST: Information asset inventory with criticality classification, control mappings, risk linkage, and AI-suggested assets from your data landscape.
Deficiency Register
DEF: Unified finding and deficiency tracking across all modules. Full remediation lifecycle: assign, remediate, verify, close. POA&M milestones, acceptance workflows, and ageing analysis.
Internal Audit
IA: Complete audit lifecycle management: audit universe, annual planning, engagement workflows, working papers, findings with root cause analysis, management responses, and formal reporting. Findings auto-create risks and deficiencies.
CRQ Financial Dashboard
CRQ: Board-ready financial risk quantification: total annualised loss expectancy, cost-benefit analysis charts, accept-vs-treat decision tables, dollar-weighted risk heat maps, ALE trending, and downloadable PDF board packs.
Governance
Data Governance
DG: Data classification, encryption standards, retention policies, destruction standards, and data element-to-control mapping across your entire data landscape.
Vendor Management
VM: Full vendor lifecycle — onboarding, 360-degree profile view, qualification workflows, performance monitoring, contract linkage, and risk history across all assessments.
Audit Evidence
AUD: Audit evidence collection, auto-generated evidence packages linked to controls and frameworks, and remediation tracking with full audit trail.
AI-Powered Assessment Modules
Purpose-built AI for each assessment domain. Six modules parse documents, score risk, identify gaps, and recommend actions — each specialised for its use case, with pre-analysis, policy citations, and GraphRAG-powered intelligence.
- Vendor Risk — AI scores responses, analyses evidence, identifies gaps
- Agreement Review — clause-by-clause analysis, risk grading A-F, obligation extraction
- Privacy Impact — data flow assessment against Privacy Act, GDPR, and CCPA
- Compliance — framework mapping, control gap detection, evidence automation
- AI Governance — EU AI Act conformity, ISO 42001, GenAI policies, AI registry
- Regulatory Intelligence — AI monitors regulatory changes, assesses impact, recommends actions
Collaborative Vendor Portal
Give your vendors a dedicated portal to submit assessments, upload evidence, and track remediation progress. Reduce email chains and accelerate the assessment cycle.
- Self-service vendor onboarding and registration
- Automated questionnaire distribution
- Real-time status tracking for both parties
- Secure document exchange with audit trail
Real-Time Risk Intelligence
Board-ready dashboards that provide real-time visibility into your organisation's risk posture, compliance status, and control effectiveness at every level.
- Customisable risk heat maps and scorecards
- Drill-down from executive summary to detail
- Automated reporting and scheduled exports
- Trend analysis and predictive risk insights
AI-Powered Contract Review
Upload a vendor agreement and let AI analyse every clause against your playbook. Bulk-accept high-confidence clauses, negotiate gaps inline, and execute with one click — obligations and deadlines are extracted automatically.
- Clause-by-clause AI analysis with confidence scoring and risk grading (A-F)
- Reusable Clause Library — build once, import into any template
- Inline vendor negotiation with AI adequacy scoring per response
- Custom approval workflows per agreement type (skip or add steps)
- One-click contract creation with automatic obligation extraction
- Obligation Calendar with daily deadline alerts and compliance tracking
AI Governance & EU AI Act Compliance
The most comprehensive AI governance module in market. Manage the full AI system lifecycle from registration through conformity assessment, with ISO 42001 compliance and automated technical documentation.
AI System Registry
Catalog and classify every AI system by EU AI Act risk tier. Track purpose, data sources, deployment status, and risk classification across your organisation.
AI Impact Assessments
Structured assessments with questionnaire workflows. Evaluate risks to fundamental rights, safety, and fairness for each AI system.
EU AI Act Conformity
24-requirement checklist per Articles 9-15. Track compliance across risk management, data governance, transparency, human oversight, and robustness.
Use Case Intake
Business users submit AI use case requests through a guided form. Routed through automated risk classification and approval workflows.
GenAI Governance
Approved tools registry and acceptable use policies. Track which GenAI tools are sanctioned, usage guidelines, and data handling requirements.
ISO 42001 Compliance
35 Annex A controls mapped and tracked. Full compliance management for the AI management system standard with evidence collection.
Auto Technical Docs
One-click EU AI Act Annex IV technical documentation generated from existing data. Always audit-ready with up-to-date system information.
Setup Wizard
Guided 6-step onboarding for AI governance. Configure your AI registry, risk categories, assessment templates, and approval workflows in minutes.
Continuous Monitoring & Real-Time Intelligence
Move beyond point-in-time assessments. ControlDesk continuously monitors your control health, attack surface, regulatory landscape, and financial risk posture in real time.
Continuous Control Monitoring
Scheduled and event-driven real-time health checks across your entire control library. Automated evidence freshness tracking with health scores and drift detection.
Attack Surface Management
External risk visibility via 5 ASM platforms: Shodan, SecurityScorecard, Censys, BitSight, and RiskRecon. Continuous monitoring of your digital exposure.
Regulatory Change Intelligence
AI monitors 10+ regulatory sources worldwide including NIST, EU AI Act, APRA, ISO, and Privacy Acts. Auto-alerts on changes with impact assessment and recommended actions.
Cross-Module Risk Intelligence
Findings from any assessment module automatically create risks and deficiencies. Full traceability from source assessment through risk register to remediation.
Financial Risk Dashboard
CRQ with annualised loss expectancy, cost-benefit analysis, accept-vs-treat recommendations, and dollar-weighted risk heat maps. Track ALE trending over time.
Board Pack Export
One-click PDF board reports with executive summaries, financial risk quantification, control health scores, compliance posture, and trending analysis.
Enterprise-Grade Security
Your data is protected by industry-leading security controls and compliance certifications.
Why ControlDesk
Purpose-built for Australian enterprises that demand data sovereignty, security, and compliance at scale.
AI-First GRC
Purpose-built AI across 6 assessment modules — vendor risk, agreement review, privacy impact, compliance, AI governance, and regulatory intelligence. Not bolted on.
AI Governance Leader
Most comprehensive AI governance module in market: EU AI Act conformity, ISO 42001, GenAI acceptable use policies, AI registry, and auto-generated technical documentation.
Financial Risk Quantification
CRQ with annualised loss expectancy, cost-benefit analysis, accept-vs-treat decision tables, and board-ready financial dashboards with downloadable PDF board packs.
20 Enterprise Integrations
Pre-built connectors for AWS Security Hub, Microsoft Defender, CrowdStrike, Okta, Wiz, Qualys, Splunk, Jira, Slack, and more. Plus REST API and webhooks.
Continuous Monitoring
Real-time control health scoring, attack surface management via 5 ASM platforms, regulatory change intelligence, and cross-module risk auto-creation.
Australian Hosted
AWS Sydney region with full data sovereignty. Privacy Act compliant, Essential Eight aligned. 172 automated security tests, 99.9% uptime SLA.
20 Pre-Built Enterprise Integrations
Connect ControlDesk to your security stack in minutes. Pre-built connectors for the platforms your team already uses, plus a full API for custom integrations.
Cloud Security
Identity Security
Endpoint Security
Vulnerability Management
SIEM & ASM
Notifications & Ticketing
Pricing
We offer flexible plans tailored to your organisation's size and requirements. All plans include Australian data hosting and enterprise-grade security.
Frequently Asked Questions
Everything you need to know about ControlDesk.
ControlDesk is a fully managed SaaS platform hosted on AWS in the Sydney region. There is nothing to install — simply sign up and start configuring your GRC environment within minutes. We handle all infrastructure, updates, and maintenance so your team can focus on risk and compliance.
All data is stored exclusively in the AWS Sydney (ap-southeast-2) region, ensuring full Australian data residency. We maintain strict data sovereignty controls and never transfer data offshore. All data is encrypted at rest using AES-256 and in transit using TLS 1.3.
ControlDesk has 20 pre-built connectors: AWS Security Hub, Microsoft Defender, Wiz, Microsoft Entra ID, Okta, Google Workspace, CrowdStrike Falcon, SentinelOne, Qualys VMDR, Tenable.io, Splunk, Shodan, SecurityScorecard, Censys, BitSight, RiskRecon, Slack, Microsoft Teams, Jira, and ServiceNow. Plus a full REST API, inbound and outbound webhooks (30+ event types), and API key management for custom integrations.
Most teams are operational within 2 weeks. Our onboarding specialists help migrate existing data, configure workflows, and train your team. Enterprise deployments with complex requirements typically complete within 4-6 weeks, including custom integration setup and data migration.
ControlDesk supports ISO 27001, ISO 42001 (AI Management), SOC 2, NIST CSF, NIST AI RMF, EU AI Act, Essential Eight, Australian Privacy Act (APPs), GDPR, PCI DSS, HIPAA, CPS 234, and many more. Custom frameworks can be configured to match your specific regulatory requirements, and our team can assist with mapping controls across multiple standards.
Each of the six assessment modules has purpose-built AI for its domain. Vendor Risk AI scores responses and analyses evidence with pre-analysis and policy citations. Agreement Review AI analyses contracts clause-by-clause against your playbook and grades risk A-F. Privacy Impact AI maps data flows against regulations. Compliance AI identifies control gaps across frameworks. AI Governance automates EU AI Act conformity assessments and generates Annex IV documentation. Regulatory Intelligence monitors worldwide regulatory sources using GraphRAG-powered analysis to detect changes and assess impact on your compliance posture.
ControlDesk is secure by design, built to align with NIST CSF, Essential Eight (Maturity Level 3), GDPR, and the Australian Privacy Act. 172 automated security tests run continuously. All data is encrypted at rest (AES-256) and in transit (TLS 1.3). We undergo regular penetration testing and security audits by independent third parties. All data is hosted exclusively in AWS Sydney.
Upload a vendor agreement and AI analyses it clause-by-clause against your clause template playbook. You get a risk grade (A-F), coverage percentage, gap analysis, and redline summary. Bulk-accept high-confidence clauses in one click, flag gaps for negotiation, and send vendors a secure portal to respond. When approved, one click creates the contract record and automatically extracts obligations into a calendar with deadline alerts. Custom approval workflows let you tailor the review process per agreement type.
Yes. ControlDesk includes the most comprehensive AI governance module in market. Features include an AI system registry with EU AI Act risk classification, AI impact assessments, a 24-requirement conformity assessment checklist per Articles 9-15, use case intake for business users, GenAI acceptable use policies and approved tools registry, ISO 42001 compliance with all 35 Annex A controls mapped, and auto-generated EU AI Act Annex IV technical documentation. A guided setup wizard gets you operational in minutes.
ControlDesk provides both scheduled and event-driven real-time monitoring. Controls are continuously checked for health with automated evidence freshness scoring. Attack surface management integrates with 5 ASM platforms (Shodan, SecurityScorecard, Censys, BitSight, RiskRecon) for external risk visibility. Regulatory change intelligence monitors 10+ sources worldwide. Findings from any module automatically create risks and deficiencies with full traceability. Financial risk dashboards track ALE trending and cost-benefit analysis in real time.
Contact us at info@deteqted.com for a tailored quote. We offer flexible plans based on your organisation's size, modules required, and assessment volume. All plans include Australian data hosting and enterprise-grade security.
Ready to Transform Your GRC?
Book a personalised demo and see how ControlDesk can automate risk, streamline compliance, and give you 360-degree visibility.