GRC software for you and your world
Built for federated teams wanting to supercharge GRC.
Unlimited AI-powered capability at your fingertips
-
Unlimited users
-
Unlimited use cases
-
Unlimited frameworks & content
-
Unlimited audits & assessments
-
Unlimited vendors
-
All features & modules
-
Hailey AI engine
-
Analytics & reporting
Pricing is based on the size of your organization.
Included standards, frameworks, libraries and templates
.png?width=90&height=82&name=SOC%202%20(1).png)
Explore 6clicks features in detail
Features
- The 'Spoke'
- Control & Compliance Assessment
- Internal Audit
- Risk Management
- Vendor & Third-Party Risk Management
- Issue & Incident Management
- Policy, Obligation & Control Management
- Compliance Management
- Artificial Intelligent
- Continuous Control Monitoring
- Custom Registers
- Asset Management
- Vulnerability Management
- Trust Portal
- Attestations
- Projects & Playbooks
- The 'Hub'
- Platform
Spoke features
Explore powerful GRC capability designed for teams - divisions, functions, portfolio companies, or regulated entities.
Control & Compliance Assessment
Send questionnaires or conduct assessor led assessments to collect evidence of conformity and control effectiveness.
| Assessment Only | Full Featured | |
|---|---|---|
|
Unlimited questionnaire-based assessments
|
|
|
|
Recurring and scheduled assessments
|
|
|
|
Skip logic for assessment branching
|
|
|
|
Unlimited requirements-based assessment for control self-assessment and internal audit
|
|
|
|
Automated audit and assessment response powered by Hailey GPT
|
|
|
|
Mapping to controls and authorities
|
|
|
|
Automated risk and incident recommendations
|
|
|
|
Evidence upload and attachments
|
|
|
|
Assessment tagging and categorization
|
|
|
|
Assessment and question-level access control
|
|
|
Internal Audit
Send questionnaires or deploy auditors to collect evidence and validate controls or compliance in your internal audits.
| Assessment Only | Full Featured | |
|---|---|---|
|
Audit evidence
|
|
|
|
Audit reports
|
|
|
|
Custom workflows
|
|
|
|
Compliance assessment
|
|
|
|
Audit findings and actions
|
|
|
|
Audit universe and plan
|
|
|
Risk Management
Record, assess and treat risk including IT and cyber risks in a central register for fast-moving teams and starting your risk management journey.
| Assessment-Only | Full Featured | |
|---|---|---|
|
Risk registers
|
|
|
|
Risk reviews
|
|
|
|
Risk libraries
|
|
|
|
Custom workflows and stage requirements
|
|
|
|
Custom risk assessment frameworks
|
|
|
|
Custom fields
|
|
|
|
Tag management
|
|
|
|
Create risk treatment plans
|
|
|
|
AI-powered risk treatment plan generation
|
|
|
|
Assignment and management of risk treatment plans
|
|
|
|
Risk access control
|
|
|
|
Link risks to controls, issues, third parties, assessments, custom registers and more
|
|
|
|
Risk hierarchy
|
|
|
Vendor / Third-Party Risk Management
Send questionnaires to your vendors and drive remediation through issues and actions, whilst maintaining a central register of vendors.
| Assessment-Only | Full Featured | |
|---|---|---|
|
Unlimited vendors
|
|
Unlimited
|
|
Recurring and scheduled assessments
|
|
|
|
Automated linking to risks and issues
|
|
|
|
Custom vendor onboarding forms
|
|
|
|
Automated vendor assessments
|
|
|
|
Onboarding and assessment workflows
|
|
|
|
Custom fields
|
|
|
|
Tag management
|
|
|
Issue & Incident Management
Record and manage incidents and issues in a central register with custom fields and workflow-driven action plans.
| Assessment-Only | Full Featured | |
|---|---|---|
|
Registers
|
|
|
|
Issue and incident libraries
|
|
|
|
Custom workflows
|
|
|
|
Custom fields
|
|
|
|
Tag management
|
|
|
|
Task creation
|
|
|
|
AI-powered task generation
|
|
|
|
Task assignment and management
|
|
|
|
Issue and incident access control
|
|
|
|
Integrate with your ticketing software
|
|
|
|
Custom issue and incident submission forms
|
|
|
|
Link issues and incidents to controls, risks, third parties, assessments, custom registers and more
|
|
|
Policy, Obligation & Control Management
Define and map controls and obligations to compliance requirements, then drive first-line evidence collection through task-based workflows.
| Assessment-Only | Full Featured | |
|---|---|---|
|
Manage obligations or control sets
|
|
|
|
Assignment of control responsibilities
|
|
|
|
Employee policy viewer
|
|
|
|
Automated control to compliance mapping with Hailey AI
|
|
|
|
Automatic updates to control linkages for new versions of standards and frameworks
|
|
|
Compliance Management
Load in standards, laws and regulations from our content library and use manual or AI-powered mapping for streamlined compliance management.
| Assessment-Only | Full Featured | |
|---|---|---|
|
Compliance obligation management
|
|
|
|
Manual compliance mapping
|
|
|
|
Automated compliance mapping with Hailey AI
|
|
|
Artificial Intelligence (Hailey AI)
Turbocharge your GRC program with Hailey AI for automated control mapping, smart assessment responses and real-time risk insights.
| Assessment-Only | Full Featured | |
|---|---|---|
|
Conversational AI assistant built for cyber GRC
|
|
|
|
Real-time insights into your GRC program
|
|
|
|
Context aware responses powered by AI and your data
|
|
|
|
Navigate to assessments, risks, issues, third parties, controls and more
|
|
|
|
Contextual support, education and knowledge base article recommendations
|
|
|
Continuous Compliance Management
Continuous control monitoring via system integrations for automated checks, tests and real-time alerts.
| Assessment-Only | Full Featured | |
|---|---|---|
|
Automated and continuous testing of internal technical controls
|
|
|
|
Real-time alerts for control failures, configuration issues, and security incidents
|
|
|
|
Reporting, including test coverage, pass-fail ratios and control performance
|
|
|
|
Reporting, including test coverage, pass-fail ratios and control performance
|
|
|
|
Actionable recommendations
|
|
|
|
Integrations with cloud providers and monitoring tools (Wiz, Laceworks, Azure and more)
|
|
|
Custom Registers
Capture and manage auxiliary GRC data—systems, locations, assets, and more—with customizable registers, forms, workflows and granular access controls.
| Assessment-Only | Full Featured | |
|---|---|---|
|
Unlimited custom registers and register items
|
|
|
|
Custom fields per register
|
|
|
|
Custom workflows per register
|
|
|
|
Task assignment and management
|
|
|
|
AI-powered task generation
|
|
|
|
Link register items to issues, incidents, risks and more
|
|
|
|
Data entry via integrations and APIs
|
|
|
|
Tag management
|
|
|
|
Register access control
|
|
|
Asset Management
Track and classify assets in a purpose-built register with built-in fields for classifications, owners and third-party links.
| Assessment-Only | Full Featured | |
|---|---|---|
|
Unlimited assets
|
|
|
|
Custom fields
|
|
|
|
Custom workflows
|
|
|
|
Task assignment and management
|
|
|
|
AI-powered task generation
|
|
|
|
Link to issues, incidents, risks, vulnerabilities, custom registers and more
|
|
|
|
Integrate with your CMDB
|
|
|
|
Tag management
|
|
|
|
Asset access control
|
|
|
Vulnerability Management
Ingest vulnerability scans from Qualys and Nessus, map findings to asset classifications, and prioritize remediation.
| Assessment-Only | Full Featured | |
|---|---|---|
|
Ingest vulnerability data from scanning tools
|
|
|
|
Pre-defined mappings to Nessus and Qualys
|
|
|
|
Define your own mappings for any scanning tool
|
|
|
|
Automated linkage to assets, risks and issues
|
|
|
Trust Portal
Share assessments, policies and supporting artifacts in a secure, branded Trust Portal to build transparency and stakeholder confidence.
| Assessment-Only | Full Featured | |
|---|---|---|
|
Share audits, assessments and control sets
|
|
|
|
Profile viewer access management
|
|
|
|
Public trust portal profiles and content
|
|
|
|
Tag management
|
|
|
|
Upload supporting documentation
|
|
|
Attestations
Assign selected risks or controls to owners for review and electronic sign-off via a simple, trackable attestation workflow.
| Assessment-Only | Full Featured | |
|---|---|---|
|
Run attestation flows for control sets and risks
|
|
|
|
Unlimited attestation respondents
|
|
|
Projects & Playbooks
Define any process—assessment workflows, incident response plans, and more—as templated, linked tasks and subtasks ready for assignment.
| Assessment-Only | Full Featured | |
|---|---|---|
|
Create project and playbook templates
|
|
|
|
Create, assign and manage tasks
|
|
|
|
Link projects and playbooks to assessments, audits, risks, issues, custom registers and more
|
|
|
|
Track and report on progress
|
|
|
Hub features
Support autonomy at the team level, with centralized control and reporting across the organization - all in one powerful GRC platform.
.svg)
Spoke management
Manage multiple team spokes in a central Hub—define standards and roll-up reporting.
| Included | |
|---|---|
|
Hub for central access and control
|
|
|
Spoke grouping and segmentation
|
|
|
Spoke templating
|
|
|
Bulk assess Spokes
|
|
Content
Access and customise a library of pre-built frameworks, controls, policies and templates, then deploy them across your spokes.
| Included | |
|---|---|
|
Access the 6clicks content library
|
|
|
Define your own content
|
|
|
Share content with clients
|
|
|
Create your own exclusive content library
|
|
|
Integrated frameworks, standards, laws, and regulations
|
|
|
Pre-defined risk and issue libaries
|
|
|
Pre-defined audit and assessment templates
|
|
|
Pre-defined obligation and control sets
|
|
|
Pre-defined projects and playbooks
|
|
|
Define your own content
|
|
|
Share content and templates with Spokes
|
|
Platform
User Access & Security
Enforce role-based access, SSO, MFA and fine-grained permissions with complete audit trails.
| Assessment-Only | Full Featured | |
|---|---|---|
|
Role based access control (RBAC)
|
|
|
|
Multi-factor authentication
|
|
|
|
Single Sign-On (Okta, Azure AD, PingID)
|
|
|
|
Data level permissions
|
|
|
|
Custom branding
|
|
|
|
Use your own email domain for notifications
|
Ask us
|
Ask us
|
|
Use your own domain - i.e., grc.yourdomain.com
|
Ask us
|
Ask us
|
Reporting & Analytics
Visualize GRC metrics via real-time dashboards, reports, presentations, stories and scheduled custom reports.
| Included | |
|---|---|
|
Pre-built reports
|
|
|
Dashboards
|
|
|
LiveDocs stories and presentations
|
|
|
Custom report builder
|
|
|
Send reports to external team members
|
|
|
PowerBI connector for advanced analytics
|
|
|
Rolled up reporting and analytics across spokes
|
|
Developer API
Extend and automate GRC workflows with our RESTful API—access data, trigger actions and integrate seamlessly with your systems.
| Included | |
|---|---|
|
Developer API using REST architecture
|
|
|
Build custom GRC workflows
|
|
|
Trigger internal and external events
|
|
|
Export and integrate data for advanced reporting
|
|
|
Build custom control tests
|
|
Intelligently accelerate your cyber risk and compliance program today
Stop wasting time with complicated pricing, longwinded consulting efforts and outdated technology.
