52 modules — the full ISMS, not a checklist

52 modules. Pick what you need.
Add more anytime.

Every module shares a unified data model. 26 native compliance frameworks (261 via SCF) included with any module.

Core Platform

10 modules

The connected core: documents, projects, training, phishing, trust, analytics, and the Sage AI agent hub.

Security Awareness Training

Transform Employees from Your Biggest Vulnerability into Your Strongest Defense

Phishing Simulation

Test Your Organization's Human Risk with Realistic Multi-Channel Simulations

Document Management

Policies, Procedures, and Standards — Version-Controlled and Always Current

Analytics & Reporting

Board-Ready Dashboards and Executive Risk Reporting

Trust Center

Showcase Your Compliance Posture to Customers and Partners

Workflow & Automation Engine

Automate Approvals, Triggers, and Actions

Project & Task Management

Track Tasks and Projects Across All GRC Modules

Training & Awareness Management

Track and Manage All Training Programs

Dashboard

Your Entire GRC Program at a Glance

Agent Hub

Agentic AI for GRC — Claude-Powered, Human-Approved, Audit-Logged

Risk & Compliance

13 modules

Registers, standards, incidents, privacy, resilience, and regulatory intelligence — the operational risk engine.

Risk Management

Identify, Assess, and Mitigate Risks — All in One Place

Compliance & Standards

Map, Track, and Achieve Compliance Across Every Framework

Privacy Management

Manage DSAR, ROPA, PIA, and Multi-Regulation Privacy Compliance

BC/DR Planning

Plan for Disruption. Recover with Confidence.

Controls Library

Your Single Source of Truth for Every Security Control

Incident Management

Detect, Respond, and Learn from Every Security Incident

Asset Inventory

Know Every Asset, Its Risks, and Its Controls

Background Check & Employee Screening

Comprehensive Background Screening with 7 Database Sources

Exception Management

Manage Policy Exceptions with Full Traceability

Regulatory Change Tracking

Stay Ahead of Regulatory Changes

Standards Library

Comprehensive Compliance Standards Reference

DORA Compliance

EU 2022/2554, Managed Across All Four Pillars

Implementation

From Gap Assessment to Certificate — One Program, Every Standard

ISO 27001 Certification

16 modules

The clause-by-clause ISMS machinery certification-prep tools never built: SoA, management review, CAPA, and more.

Context of Organization

Clauses 4.1–4.4, Captured Once and Kept Alive

Statement of Applicability

Annex A, Decided, Justified, and Always Audit-Ready

Management Review

Clause 9.3, Without the Calendar Chaos

Nonconformity & CAPA

Clause 10.2 — From Finding to Fixed, Provably

Change Management

A.8.32 Change Control Beyond the Ticket Queue

Secure Development

A.8.25–A.8.33, Engineered Into the Pipeline

Data Classification

A.5.12–A.5.14: Classify, Label, and Handle — With Proof

Crisis Management

When It Hits, Everyone Knows the Plan

IT General Controls

The ITGC Matrix Auditors Expect — Minus the Spreadsheet

Key Risk Indicators

Green, Amber, Red — and Escalated Before It Turns

Competence Records

Clause 7.2 Evidence, Ready Before the Auditor Asks

Logging & Monitoring

A.8.15–A.8.16: Prove Every Log Source Is Actually Watching

Communication Plan

Clause 7.4: Who, What, When, and How — On Record

Continual Improvement

Clause 10.1: Improvement You Can Point To

Objectives & KPIs

Clause 6.2 Objectives That Survive Contact With Q3

Capacity Management

A.8.6: See the Capacity Breach Before It Breaches You

Governance

3 modules

Board-level obligations: ESG disclosure, SOX/ICFR, and AI governance.

ESG Governance

Sustainability Reporting with the Same Rigor as Your Security Program

SOX / ICFR

Sarbanes-Oxley 404 Controls — Scoped, Tested, Classified, Remediated

AI Governance

Govern Every AI System You Run — Including Ours

Audit

4 modules

Internal and external audits, evidence, findings, and AI-assisted questionnaires.

Audit Management

Plan, execute, and report on audits — internal and external — with AI-powered intelligence.

AI Questionnaire

Answer Security Questionnaires in Minutes, Not Weeks

Evidence Collection

Collect, Organize, and Present Evidence — Audit-Ready at All Times

Issues & Findings Tracker

Track Every Issue from Discovery to Resolution

Third Party

2 modules

Vendors and contracts — assessed, scored, and tied to the risks they create.

Vendor Risk Management

Assess, Monitor, and Manage Third-Party Risk at Scale

Contract Management

Track Every Contract from Draft to Expiry

Learning

1 module

Sage Certified: GRC learning that produces ISO 7.2 competence evidence.

Sage Certified

Build GRC Expertise That Becomes Audit Evidence

External Portals

1 module

Customer-facing access to your compliance posture.

Customer Portal

Give Customers Compliance Answers Before They Ask

Frequently Asked Questions

See Every Module in Action

Schedule a personalized demo tailored to your specific compliance needs.