Evaluate your governance, risk, and compliance performance. Receive your GRC Score. Join organisations building verifiable, standards-based trust.
Our platform empowers organizations, industries, stakeholders, and customers with trusted insights, stronger governance, and measurable compliance improvements.
Understand the step-by-step process to measure, benchmark, and improve your organization's governance, risk, and compliance performance.



Complete a structured questionnaire aligned to COSO, ISO 27001, SOC 2, and ISAE 3402 frameworks. Submit documentary evidence to validate your governance policies, risk controls, and compliance practices.
Your submission is analysed by both algorithmic scoring and independent GRC expert reviewers. Performance is evaluated across all five GRC domains: Governance, Risk Management, Compliance, Resilience, and Data Security.
Approved organisations receive a GRC Score, a public profile in the GRC Index, and a prioritised set of improvement recommendations to advance their compliance maturity further.
Your GRC Score is a quantified, evidence-backed measure of your organisation's governance, risk management, and compliance maturity. It is calculated by GRC Index expert reviewers across five weighted domains, benchmarked against recognised international standards.
Governance: Board-level oversight, policy framework, accountability structures, and strategic risk alignment
Risk Management: Risk identification methodology, risk appetite statements, control testing, and risk reporting cadence
Compliance: Regulatory mapping, audit readiness, internal policy adherence, and third-party compliance evidence
Resilience: Business continuity plans, incident response procedures, disaster recovery testing, and operational resilience
Data Security: Information security controls aligned to ISO 27001; SOC 2 Trust Services Criteria coverage; access controls and encryption standards
GRC Index is an independent, nonprofit benchmarking initiative headquartered at 63–66 Hatton Garden, London EC1N 8LE. Our mission is to make governance, risk, and compliance performance transparent, measurable, and improvable for every organisation operating in the UK and Europe.
Our assessment framework draws on five recognised international and professional standards:
A GRC assessment is a structured evaluation of an organisation's governance, risk management, and compliance (GRC) practices against internationally recognised standards such as COSO, ISO 27001, and SOC 2. It produces a benchmarked GRC Score that identifies strengths, control gaps, and priority improvement actions.
The GRC Index is an independent, nonprofit platform where UK and European organisations can assess, score, and publicly demonstrate their governance, risk, and compliance performance. Organisations that pass expert review receive a GRC Score and a public profile in the Index.
The process has three stages: (1) complete a standards-based questionnaire and submit supporting evidence; (2) undergo expert review and algorithmic scoring across five GRC domains; (3) receive a GRC Score, public Index listing, and prioritised improvement recommendations upon approval.
Any UK or European organisation wishing to demonstrate governance, risk, and compliance maturity to customers, regulators, or investors should complete a GRC assessment. It is most valuable for organisations in financial services, technology, professional services, and regulated industries.
Yes. The initial GRC assessment at GRC Index is free to complete. After submitting your questionnaire and evidence, your responses are reviewed by GRC experts. Organisations meeting the benchmark standard receive a GRC Score and Index listing at no charge.
GRC Index provides personalised recommendations based on your assessment results, covering governance structure, risk management frameworks, compliance controls, data security, and resilience. For structured training, Securance offers CPD-certified courses in GRC Essentials, SOC 2, ISAE 3402, ISO 27001, and ISAE 3000.
GRC Index assessments are aligned to five internationally recognised frameworks: COSO (internal controls and ERM), ISO 27001 (information security), SOC 2 AICPA Trust Services Criteria, ISAE 3402 (service organisation controls), and ISAE 3000 (assurance engagements). Scoring reflects best practice across all five standards.
A GRC assessment is a self-reported evaluation of governance, risk, and compliance practices, validated by expert review and evidence submission. A GRC audit is a formal third-party examination of specific controls. GRC Index assessments provide an accessible, structured entry point before formal audit engagement.
© 2025 GRC Index. All rights reserved.