Skip to main content
ConcertoGRC

Orchestrated by Concerto Compliance

Everything you need to manage compliance across SOC 2, ISO 27001, PCI DSS, HIPAA, and ISO 42001.

Get StartedBrowse Docs

Documentation

Getting Started

Platform overview, navigation, and understanding roles & permissions.

Audit Firm Platform

A standalone product for audit firms - manage clients, conduct assessments, and deliver reports across SOC 2, ISO 27001, and more.

Compliance

Framework controls, evidence collection, recurring activities, and policies.

Risk Management

Risk register with scoring, vendor management, and treatment tracking.

Identity & Access

Personnel directory, application inventory, grants, and access reviews.

Security Operations

Vulnerability scanning, endpoint compliance, phishing sims, and incident response.

Integrations

Connect AWS, Microsoft 365, Google Workspace, and MDM providers.

AI Features

Document analysis, risk remediation, policy drafting, and evidence mapping.

Administration

Users, settings, integrations config, and AI configuration.

Reporting

Compliance reports, KPI tracking, and AI-generated meeting decks.

Employee Portal

Employee-facing vendor directory, training, policy acknowledgment, and incidents.

Platform Security

Architecture, encryption, tenant isolation, privacy policy, and compliance posture.

Resources

Changelog, glossary of GRC terms, and frequently asked questions.

Popular Topics

Uploading EvidenceTrack validity periods and manage evidence collectionRisk ScoringInherent vs. residual scoring with 5x5 heat mapConnecting IntegrationsSet up Microsoft 365, Google Workspace, or AWSVulnerability ScanningRun Nuclei and ZAP scans against your targets