💼 GRC consultants & practices

A practice runs many clients on many frameworks at once, and every engagement re-answers the same questions: what is in scope, what evidence exists, how fresh is it, what can we defend? Margins die in the retyping — and reputations die in the overclaim.

Book a demo → Try it on sample docs
Depth badged per laneMulti-client practice · every framework on one book of work

Frameworks on the engine serving this vertical

Read from the live catalogue at build time — a framework that is not live on the engine never renders here. Depth is badged per framework: consultant-grade only where we go deepest (ISM/IRAP, Essential Eight), Tier-A breadth everywhere else.
ISM (IRAP)Consultant-grade depth
ASD Essential EightConsultant-grade depth
ISO/IEC 27001:2022Tier-A breadthLicence-gated
SOC 2 (Trust Services Criteria)Tier-A breadthLicence-gated
SOC 1 (ISAE 3402)Tier-A breadthLicence-gated
ISO/IEC 42001:2023 (AI MS)Tier-A breadthLicence-gated
NIST AI RMF 1.0Tier-A breadth
CIS Controls v8Tier-A breadthLicence-gated
PCI DSS v4.0.1Tier-A breadth
NIST CSF 2.0Tier-A breadth
QLD FAIRATier-A breadth
US OMB M-25-21Tier-A breadth
UAE AI Ethics GuideTier-A breadth
Tasmania AI guidanceTier-A breadth

Licence-gated catalogues carry control IDs and CyberSentien's own labels only — the full standard text requires your licence and is never reproduced.

Depth today — stated honestly

Every framework live on the engine (33 today), one book of work: a multi-client practice view, per-engagement scoping, evidence freshness measured — not asserted — and reports that carry an Evidence Freshness Statement and an AI Assurance Statement. Depth varies by lane and is badged honestly: IRAP-grade on ISM / Essential Eight, Tier-A breadth elsewhere.

The global angle

A practice serves clients wherever their obligations sit, and the engine follows the frameworks, not the border. Every framework live on the engine — 33 today, ISM spine included — runs on one book of work. That spans Australia's regulator lanes and the internationally used security instruments (ISO/IEC 27001:2022, SOC 2 (Trust Services Criteria), SOC 1 (ISAE 3402), PCI DSS v4.0.1, NIST CSF 2.0, CIS Controls v8), plus AI-governance packs across 5 jurisdictions.

See it on the real engine

Run the frameworks above against synthetic sample documents now, or tell us where you sit and we'll send a gated, revocable demo link.

Request the demo →Try it now →